CVE-2026-0102

{"id": "CVE-2026-0102", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secure@microsoft.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2026-02-17T20:22:05.500", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secure@microsoft.com", "description": [{"lang": "en", "value": "CWE-359"}]}], "descriptions": [{"lang": "en", "value": "Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata."}, {"lang": "es", "value": "Bajo condiciones espec\u00edficas, una p\u00e1gina web maliciosa puede activar el llenado autom\u00e1tico despu\u00e9s de dos toques consecutivos, potencialmente sin el consentimiento claro o intencional del usuario. Esto podr\u00eda resultar en la divulgaci\u00f3n de datos de autocompletado almacenados, como direcciones, correo electr\u00f3nico o metadatos de n\u00fameros de tel\u00e9fono."}], "lastModified": "2026-02-19T15:39:08.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7625822C-F0EF-4A29-B90B-7B4E15C8E3C2", "versionEndExcluding": "145.0.3800.58"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}