CVE-2026-0102

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

CVSS 3.1 LOWEPSS 0.5%CWE-359

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.1EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

17 Feb 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

Affected products

Microsoft · Microsoft Edge (Chromium-based)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102