Feb 2026: Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
CVE-2026-0102 Published on February 17, 2026
Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.
Weakness Type
What is a Privacy violation Vulnerability?
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
CVE-2026-0102 has been classified to as a Privacy violation vulnerability or weakness.
Products Associated with CVE-2026-0102
Want to know whenever a new CVE is published for Microsoft Edge Chromium? stack.watch will email you.
Affected Versions
Microsoft Edge (Chromium-based):- Version 1.0.0.0 and below 145.0.3800.58 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.