CVE-2026-0102

LOW 3.1

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

CVSS Score

3.1

EPSS Score

0.0%

EPSS Percentile

3th

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

Vendor	microsoft
Product	microsoft edge (chromium-based)
Ecosystems	Windows .NET Azure
Industries	TechnologyEnterprise
Published	Feb 17, 2026
Last Updated	Apr 10, 2026

Stay Ahead of the Next One

Get instant alerts for microsoft microsoft edge (chromium-based)

Be the first to know when new low vulnerabilities affecting microsoft microsoft edge (chromium-based) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Microsoft / Microsoft Edge (Chromium-based)

1.0.0.0 < 145.0.3800.58

References

NVD ↗ CVE.org ↗ EPSS Data ↗

msrc.microsoft.com: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102