CVE-2026-0102

Summary

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Edge (Chromium-based)1.0.0.0 < 145.0.3800.58affected

Weaknesses

  • CWE-359: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References