{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata."
    },
    {
      "lang": "es",
      "value": "Bajo condiciones espec\u00edficas, una p\u00e1gina web maliciosa puede activar el llenado autom\u00e1tico despu\u00e9s de dos toques consecutivos, potencialmente sin el consentimiento claro o intencional del usuario. Esto podr\u00eda resultar en la divulgaci\u00f3n de datos de autocompletado almacenados, como direcciones, correo electr\u00f3nico o metadatos de n\u00fameros de tel\u00e9fono."
    }
  ],
  "id": "CVE-2026-0102",
  "lastModified": "2026-02-18T17:51:53.510",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-02-17T20:22:05.500",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-359"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2026-0102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-359"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-17T20:22:05Z",
    "severity": "LOW"
  },
  "details": "Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.",
  "id": "GHSA-vp3m-qh4p-wg7c",
  "modified": "2026-02-17T21:31:14Z",
  "published": "2026-02-17T21:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0102"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "\u003ca href=\"https://www.linkedin.com/in/manojkumar-j-7ba35b202/\"\u003eManojkumar Jaganathan\u003c/a\u003e with \u003ca href=\"https://www.hackerbro.net/\"\u003eHacker Bro Technologies\u003c/a\u003e"
        ]
      },
      {
        "names": [
          "Jaganathan Ananthakrishnan with \u003ca href=\"https://hackerbro.net/\"\u003eHackerBro Technologies\u003c/a\u003e"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102"
      },
      {
        "category": "self",
        "summary": "CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-0102.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability",
    "tracking": {
      "current_release_date": "2026-02-17T08:00:00.000Z",
      "generator": {
        "date": "2026-02-17T19:25:44.021Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-0102",
      "initial_release_date": "2026-02-10T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-02-17T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c145.0.3800.58",
            "product": {
              "name": "Microsoft Edge (Chromium-based) \u003c145.0.3800.58",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "145.0.3800.58",
            "product": {
              "name": "Microsoft Edge (Chromium-based) 145.0.3800.58",
              "product_id": "11655"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Edge (Chromium-based)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-0102",
      "cwe": {
        "id": "CWE-359",
        "name": "Exposure of Private Personal Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "The user must visit the attacker\u2011controlled webpage, and perform the two tap gestures that cause autofill to activate.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        },
        {
          "category": "faq",
          "text": "Successful exploitation of this vulnerability requires an attacker to craft deceptive or invisible form elements and user to perform two sequential taps.",
          "title": "According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "145.0.3800.58: 145.0.3800.58, 02/17/2026: 02/17/2026, 145.0.7632.45/.46: 145.0.7632.45/.46",
          "title": "What is the version information for this release?"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).",
          "title": "According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L),but lead to no loss of availability (A:N) and integrity (I:N)? What does that mean for this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "11655"
        ],
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102"
        },
        {
          "category": "self",
          "summary": "CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-0102.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-17T08:00:00.000Z",
          "details": "145.0.3800.58:Security Update:https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security",
          "product_ids": [
            "1"
          ],
          "url": "https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 2.7,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Defense in Depth"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely"
        }
      ],
      "title": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 145.0.3800.58",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-0102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0102"
    },
    {
      "name": "CVE-2026-2318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2318"
    },
    {
      "name": "CVE-2026-2317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2317"
    },
    {
      "name": "CVE-2026-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2323"
    },
    {
      "name": "CVE-2026-2441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"
    },
    {
      "name": "CVE-2026-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2320"
    },
    {
      "name": "CVE-2026-2313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2313"
    }
  ],
  "initial_release_date": "2026-02-18T00:00:00",
  "last_revision_date": "2026-02-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0184",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2026-2441 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-0102",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-2317",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2317"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-2313",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2313"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-2318",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2318"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-2323",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2323"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-2441",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2441"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-2320",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2320"
    }
  ]
}