Microsoft Cloud Batch: 13 CVEs Across Copilot, Azure, Exchange, and Developer Tools
Microsoft disclosed 13 vulnerabilities across Copilot, Azure, Exchange, Dynamics 365, Edge, and developer libraries on June 18–19, 2026, including unauthenticated info-disclosure bugs and a credential-leak flaw in the Kiota HTTP library.

Key findings
- 13 CVEs disclosed June 18–19, 2026 across Copilot, Azure, Exchange, Dynamics 365, Edge, and developer libraries
- Four Copilot-related flaws include an open redirect, command injection, unauthenticated info disclosure, and an insecure default in VS Code Copilot Chat
- CVE-2026-49336 leaks bearer tokens and cookies on cross-origin redirect due to case-mismatched scrub in the Kiota HTTP fetch library
- Two unauthenticated information-disclosure bugs: CVE-2026-54130 (M365 Copilot) and CVE-2026-47633 (Cost Management)
- No active exploitation reported at disclosure; all fixes included in June 2026 Patch Tuesday or coordinated updates
- Batch highlights expanding attack surface into AI copilots, cloud-native services, and developer SDKs
Microsoft shipped fixes for 13 vulnerabilities across its cloud, AI, and developer-tooling portfolio on June 18–19, 2026, in a coordinated disclosure batch that spans Copilot, Azure services, Exchange Online, Dynamics 365, and Edge. The batch is notable for its breadth — four distinct Copilot-related CVEs, a cluster of elevation-of-privilege bugs in Azure components, and a credential-leak flaw in the Kiota HTTP fetch library — and for the fact that several of the flaws are exploitable without authentication.
Copilot and AI-Assistant Flaws Dominate the Batch
Four of the 13 CVEs target Microsoft's Copilot ecosystem. CVE-2026-47645 is an open redirect in Microsoft 365 Copilot's Business Chat that lets an unauthorized attacker elevate privileges over a network. CVE-2026-42895 is a command-injection bug in Copilot itself, rated as tampering. CVE-2026-54130 (published June 18) is an information-disclosure vulnerability in M365 Copilot caused by missing authentication for a critical function — and it is exploitable without authentication, making it especially dangerous for tenants that have not yet applied the patch. CVE-2026-50519 affects Visual Studio Code's Copilot Chat and GitHub Copilot, where an insecure default initialization allows an unauthorized attacker to disclose information over a network.
Elevation of Privilege Across Azure and Exchange
A second theme is elevation of privilege (EoP) in core Microsoft cloud services. CVE-2026-48582 in Exchange Online involves missing authorization, allowing an authorized attacker to elevate privileges. CVE-2026-48584 in Azure Synapse is an execution-with-unnecessary-privileges bug. CVE-2026-45480 in Azure Active Directory stems from improper authentication. CVE-2026-32174 in Azure Bot Service (published June 18) is another improper-authentication EoP that requires prior authorization. CVE-2026-47647 in Dynamics 365 (also June 18) is an improper-access-control EoP. All of these require an authenticated attacker as a starting point, but once exploited they could give an adversary broader access within a tenant.
Credential Leak in Kiota HTTP Library
CVE-2026-49336 is a particularly interesting developer-tooling flaw in @microsoft/kiota-http-fetchlibrary, a TypeScript library for Kiota-generated API clients. The RedirectHandler is documented as stripping Authorization and Cookie headers on cross-origin redirects, but a case-mismatch in the scrub logic means the headers can leak to an untrusted target. Versions 1.0.0-preview.97 through 1.0.0-preview.101 are affected. This is the kind of supply-chain bug that could silently compromise API clients built with the library.
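The bug class described above (a redirect handler that strips credential headers by exact name, so a differently cased header survives the scrub) is easy to reproduce and to test for. The following TypeScript is an added illustration written for this article; it is not the kiota-http-fetchlibrary source, and the function names, header map type, and sample URLs are constructed. It puts a case-sensitive scrub beside a case-insensitive one and adds a small check a client's test suite can run against whatever headers leave the redirect handler.

```typescript
// Added illustration of the redirect header-scrub bug class (not library code).
// Header names in HTTP are case-insensitive, but a plain object keyed by
// header name is not, so the scrub must normalise case before comparing.

type HeaderMap = Record<string, string>;

// Headers that must never follow a redirect to another origin.
const SENSITIVE_HEADERS = ["authorization", "cookie"];

// Cross-origin means scheme, host or port differs. URL.origin already
// normalises default ports, so https://h:443/ and https://h/ are the same origin.
function isCrossOrigin(fromUrl: string, toUrl: string): boolean {
  return new URL(fromUrl).origin !== new URL(toUrl).origin;
}

// Weak variant (constructed): deletes only the canonically cased names.
// A client that set "authorization" keeps it across the redirect.
function scrubWeak(headers: HeaderMap, fromUrl: string, toUrl: string): HeaderMap {
  const out: HeaderMap = { ...headers };
  if (!isCrossOrigin(fromUrl, toUrl)) return out;
  delete out["Authorization"];
  delete out["Cookie"];
  return out;
}

// Hardened variant: compare lower-cased names, so casing cannot bypass the scrub.
function scrubHardened(headers: HeaderMap, fromUrl: string, toUrl: string): HeaderMap {
  if (!isCrossOrigin(fromUrl, toUrl)) return { ...headers };
  const out: HeaderMap = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!SENSITIVE_HEADERS.includes(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Check usable from a test suite: does any credential header survive the scrub?
function leaksCredentials(headers: HeaderMap): boolean {
  return Object.keys(headers).some((n) => SENSITIVE_HEADERS.includes(n.toLowerCase()));
}

// Constructed sample request with lower-case header names, as many clients emit.
const sampleHeaders: HeaderMap = {
  authorization: "Bearer <placeholder-token>",
  cookie: "session=<placeholder>",
  accept: "application/json",
};
const ORIGINAL_URL = "https://api.example.test/v1/items";      // constructed
const REDIRECT_URL = "https://cdn.untrusted.example.test/items"; // constructed, other origin

// Runs both variants over the sample and reports whether each one leaks.
function demo(): { weakLeaks: boolean; hardLeaks: boolean } {
  const weak = scrubWeak(sampleHeaders, ORIGINAL_URL, REDIRECT_URL);
  const hard = scrubHardened(sampleHeaders, ORIGINAL_URL, REDIRECT_URL);
  return { weakLeaks: leaksCredentials(weak), hardLeaks: leaksCredentials(hard) };
}

console.log(demo()); // weak variant leaks, hardened variant does not
```

The point of `leaksCredentials` is that it checks the headers actually emitted, not the handler's intent: running it against the result of a cross-origin redirect in a client's integration tests would have caught a scrub that only matched one spelling.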
Edge, HEIF, and Cost Management Round Out the Batch
CVE-2026-32208 is a cross-site scripting flaw in Chromium-based Microsoft Edge that allows spoofing. CVE-2025-62821 (note the 2025 year in the ID — a carryover CVE) is an out-of-bounds read in the HEIF Image Extensions (version 1.2.22.0) where CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0, leading to a 1-byte allocation and a subsequent out-of-bounds read in CopyPixels. CVE-2026-47633 (published June 18) is an information-disclosure bug in Cost Management Interactive Experiences that is exploitable without authentication.
Patch Status and Mitigations
All 13 CVEs were addressed in Microsoft's June 2026 Patch Tuesday cycle or in coordinated out-of-band updates. The four CVEs published on June 18 — CVE-2026-47647 (Dynamics 365), CVE-2026-54130 (M365 Copilot), CVE-2026-32174 (Azure Bot Service), and CVE-2026-47633 (Cost Management) — were included in that day's advisory batch, as noted by Vypr Intelligence. No active exploitation in the wild had been reported at the time of disclosure. Users of the Kiota HTTP fetch library should update to a version beyond 1.0.0-preview.101; HEIF Image Extensions users should ensure they are on version 1.2.23.0 or later.
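Checking whether a repository pulls in the affected Kiota range is a lockfile question, and prerelease versions like `1.0.0-preview.101` trip up naive string comparison (`"101"` sorts before `"97"` lexically). The TypeScript below is an added example for this article, not Microsoft tooling: it compares versions by SemVer precedence and scans a `package-lock.json` (lockfile version 2 or 3, where installed packages are listed under `packages` keyed by their `node_modules` path) for copies in the `1.0.0-preview.97` to `1.0.0-preview.101` range named in the article. The lockfile fragment and the `1.0.0-preview.102` version in it are constructed sample data, not a statement of which release carries the fix.

```typescript
// Added example: audit an npm lockfile for the affected Kiota fetch library range.
// Not Microsoft's tooling; the lockfile content at the bottom is constructed.

const AFFECTED_PACKAGE = "@microsoft/kiota-http-fetchlibrary";
const FIRST_AFFECTED = "1.0.0-preview.97";   // from the advisory text
const LAST_AFFECTED = "1.0.0-preview.101";   // from the advisory text

interface ParsedVersion { core: number[]; pre: (string | number)[] }

// Split "1.0.0-preview.101" into core [1,0,0] and prerelease ["preview", 101].
function parseVersion(v: string): ParsedVersion {
  const dash = v.indexOf("-");
  const corePart = dash < 0 ? v : v.slice(0, dash);
  const prePart = dash < 0 ? "" : v.slice(dash + 1);
  const core = corePart.split(".").map(Number);
  const pre = prePart === "" ? [] : prePart.split(".").map((p) => (/^\d+$/.test(p) ? Number(p) : p));
  return { core, pre };
}

// SemVer precedence: numeric core first; a release outranks any prerelease on the
// same core; prerelease identifiers compare numerically when both are numbers,
// numeric identifiers rank below alphanumeric ones, and a longer list wins a tie.
function compareVersions(a: string, b: string): number {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa.core[i] ?? 0, y = pb.core[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  if (pa.pre.length === 0 && pb.pre.length === 0) return 0;
  if (pa.pre.length === 0) return 1;
  if (pb.pre.length === 0) return -1;
  const n = Math.min(pa.pre.length, pb.pre.length);
  for (let i = 0; i < n; i++) {
    const x = pa.pre[i], y = pb.pre[i];
    if (x === y) continue;
    if (typeof x === "number" && typeof y === "number") return x < y ? -1 : 1;
    if (typeof x === "number") return -1;
    if (typeof y === "number") return 1;
    return x < y ? -1 : 1;
  }
  return pa.pre.length === pb.pre.length ? 0 : pa.pre.length < pb.pre.length ? -1 : 1;
}

function isAffected(version: string): boolean {
  return compareVersions(version, FIRST_AFFECTED) >= 0 && compareVersions(version, LAST_AFFECTED) <= 0;
}

// Walk every installed copy (including nested ones under other dependencies)
// and return "path@version" for each copy inside the affected range.
function affectedLockfileEntries(lockfileJson: string): string[] {
  const lock = JSON.parse(lockfileJson) as { packages?: Record<string, { version?: string }> };
  const hits: string[] = [];
  for (const [path, meta] of Object.entries(lock.packages ?? {})) {
    if (path.endsWith("node_modules/" + AFFECTED_PACKAGE) && meta.version && isAffected(meta.version)) {
      hits.push(`${path}@${meta.version}`);
    }
  }
  return hits;
}

// Constructed lockfile fragment: a top-level copy past the range and a nested
// copy, pulled in by another SDK, that is still inside it.
const SAMPLE_LOCKFILE = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "node_modules/@microsoft/kiota-http-fetchlibrary": { version: "1.0.0-preview.102" },
    "node_modules/some-sdk/node_modules/@microsoft/kiota-http-fetchlibrary": { version: "1.0.0-preview.99" },
  },
});

function demoAudit(): string[] {
  return affectedLockfileEntries(SAMPLE_LOCKFILE);
}

console.log(demoAudit()); // reports only the nested preview.99 copy
```

To run it against a real repository, replace `SAMPLE_LOCKFILE` with the contents of the project's `package-lock.json`; the nested-path match matters because an application can be on a fixed version while an SDK it depends on still bundles an affected one.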
Why This Batch Matters
This disclosure event is a reminder that Microsoft's attack surface now extends well beyond Windows and Office into AI copilots, cloud-native services, and developer SDKs. The presence of unauthenticated information-disclosure bugs in Copilot and Cost Management, combined with credential-leak risks in a widely used API client library, means that organizations relying on Microsoft's cloud and AI stack should treat this batch with the same urgency as a traditional Patch Tuesday.