{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0102", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-10-17T23:35:05.037Z", "datePublished": "2026-02-17T19:14:32.901Z", "dateUpdated": "2026-02-17T19:26:02.183Z"}, "containers": {"cna": {"title": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "datePublic": "2026-02-17T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0.0", "versionEndExcluding": "145.0.3800.58"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "versions": [{"version": "1.0.0.0", "lessThan": "145.0.3800.58", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en-US", "type": "CWE", "cweId": "CWE-359"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-02-17T19:26:02.183Z"}, "references": [{"name": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "LOW", "baseScore": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C"}}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata."}], "id": "CVE-2026-0102", "lastModified": "2026-02-17T20:22:05.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-02-17T20:22:05.500", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{}