Autofill Data Exposure in Microsoft Edge Browser
CVE-2026-0102

3.1LOW

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (chromium-based)
Vendor: CVE Published:; 17 February 2026

What is CVE-2026-0102?

A vulnerability has been identified in Microsoft Edge that could allow a malicious webpage to manipulate the autofill feature. When users interact with a webpage under certain conditions, it could trigger autofill data population after two consecutive taps, potentially without the user's explicit consent. This behavior presents a risk of unauthorized access to sensitive user data, including addresses, email addresses, and phone number metadata. Users are advised to stay informed about updates from Microsoft and implement security best practices to mitigate potential risks.

Affected Version(s)

Microsoft Edge (Chromium-based) 1.0.0.0 < 145.0.3800.58

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2026
Vulnerability Reserved
Oct 17, 2025

CVE-2026-0102 Data

JSON