Critical severity9.3NVD Advisory· Published Nov 26, 2024· Updated Jun 17, 2026
CVE-2024-49038
CVE-2024-49038
Description
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
Affected products
2- Microsoft/Microsoft Copilot Studiov5Range: N/A
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49038nvdVendor Advisory
News mentions
0No linked articles in our index yet.