365 Copilot Chat
by Microsoft
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33111 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2026 | Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-26164 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2026 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-26129 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2026 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-47644 | Med | 0.42 | 6.5 | 0.01 | Jun 4, 2026 | Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. |
- risk 0.49cvss 7.5epss 0.01
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
- risk 0.49cvss 7.5epss 0.01
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- risk 0.49cvss 7.5epss 0.01
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- risk 0.42cvss 6.5epss 0.01
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.