CVE-2026-0102
Autofill Data Disclosure via Tap-Triggered UI Vulnerability in Browsers
Publication date: 2026-02-17
Last updated on: 2026-02-19
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | edge_chromium | to 145.0.3800.58 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent.
This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.
How can this vulnerability impact me? :
The vulnerability could lead to unintended disclosure of your stored autofill data, including addresses, email addresses, or phone number metadata.
This means that a malicious webpage might obtain personal information without your clear or intentional consent, potentially compromising your privacy.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know