
792 matches found

CNNVD
added 2026/05/12 12:0 a.m. | 5 views

Microsoft M365 Copilot Command Injection Vulnerability

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. Microsoft M365 Copilot has a command injection vulnerability. Attackers can exploit this vulnerability to alter information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00399
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/12 12:0 a.m. | 6 views

PT-2026-40244

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

CVSS 8.8 | AI score 5.8 | EPSS 0.00861
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/12 12:0 a.m. | 5 views

PT-2026-40239

Name of the Vulnerable Software and Affected Versions: Microsoft 365 Copilot for Android (affected versions not specified). Description: Improper access control in the intelligent virtual assistant allows an authorized attacker to perform spoofing attacks locally. Spoofing is a technique where a perso...

CVSS 4.4 | AI score 6 | EPSS 0.00249
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/12 12:0 a.m. | 8 views

PT-2026-40261

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...

CVSS 7.4 | AI score 5.8 | EPSS 0.00399
Exploits: 0 | References: 2

CNNVD
added 2026/05/12 12:0 a.m. | 5 views

Microsoft M365 Copilot Access Control Error Vulnerability

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. There is a security access control vulnerability in Microsoft M365 Copilot. Attackers exploit this vulnerability to carry out phishing attacks...

CVSS 6.2 | AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/12 12:0 a.m. | 8 views

PT-2026-40250

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...

CVSS 6.2 | AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 2

Kaspersky
added 2026/05/12 12:0 a.m. | 13 views

KLA91041 Multiple vulnerabilities in Microsoft Apps

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft 365 Copilot for Android can be exploited remotely t...

CVSS 7.7 | AI score 5.7 | EPSS 0.00363
Exploits: 0 | References: 7

vulnersOsv
added 2026/05/11 4:16 p.m. | 5 views

@senoldogann/code-companion (>=0.1.38 <=0.1.56), @treeseed/agent (>=0.8.5 <=0.10.0) +6 more potentially affected by CVE-2026-45033 via @github/copilot (>=1.0.27 <=1.0.40)

@github/copilot NPM version =1.0.27, =0.1.38, =0.8.5, =0.6.0, =0.6.1, =0.6.8, =1.0.0, =2.0.0 - @vibe-forge/client =1.0.0 - bitbucket-copilot-pr-review =0.5.1 Source cves: CVE-2026-45033 Source advisory: SNYK:JS-GITHUBCOPILOT-16642141...

CVSS 8.5 | AI score 5.4 | EPSS 0.0035
Exploits: 1

Snyk
added 2026/05/11 4:16 p.m. | 4 views

Incorrect Behavior Order

Overview: @github/copilot is the GitHub Copilot CLI, which brings the power of the Copilot coding agent directly to your terminal. Affected versions of this package are vulnerable to Incorrect Behavior Order that enables code execution via the core.fsmonitor configuration key in a nested bare git repository. A...

CVSS 8.5 | AI score 6.3 | EPSS 0.0035
Exploits: 1 | References: 2

Github Security Blog
added 2026/05/11 4:16 p.m. | 5 views

GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor

Summary: A security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent performs git operations. By exploiting git's automatic bare repository discovery during directory...

CVSS 8.5 | AI score 6.3 | EPSS 0.0035
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/05/11 4:16 p.m. | 7 views

GHSA-9CCR-R5HG-74GF GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor

Summary: A security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent performs git operations. By exploiting git's automatic bare repository discovery during directory...

CVSS 8.5 | AI score 6.3 | EPSS 0.0035
Exploits: 1 | References: 3

Positive Technologies
added 2026/05/11 12:0 a.m. | 18 views

PT-2026-39901

Name of the Vulnerable Software and Affected Versions: GitHub Copilot CLI versions prior to 1.0.43. Description: An issue exists where a malicious bare git repository nested inside a project directory can lead to arbitrary code execution when the agent performs git operations. By exploiting git's...

CVSS 8.5 | AI score 6.3 | EPSS 0.0035
Exploits: 1 | References: 6

CNNVD
added 2026/05/11 12:0 a.m. | 5 views

SOCFortress CoPilot Authorization Issue Vulnerability

SOCFortress CoPilot is an open-source unified security operations platform developed by SOCFortress. Versions of SOCFortress CoPilot prior to 0.1.57 contained authorization-related vulnerabilities. These vulnerabilities stemmed from a hardcoded JWT signing key being used as a backup value, and th...

CVSS 10 | AI score 5.8 | EPSS 0.0044
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/09 2:21 a.m. | 5 views

CVE-2026-26129

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.01135
Exploits: 0 | References: 1

EUVD
added 2026/05/08 12:31 a.m. | 16 views

EUVD-2026-28445

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.01135
Exploits: 0 | References: 2

EUVD
added 2026/05/08 12:31 a.m. | 19 views

EUVD-2026-28449

Improper neutralization of special elements used in a command 'command injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.01135
Exploits: 0 | References: 2

EUVD
added 2026/05/08 12:31 a.m. | 4 views

EUVD-2026-28446

Improper neutralization of special elements in output used by a downstream component 'injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.00799
Exploits: 0 | References: 2

NVD
added 2026/05/07 10:16 p.m. | 44 views

CVE-2026-33111

Improper neutralization of special elements used in a command 'command injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | EPSS 0.01135
Exploits: 0 | References: 1

NVD
added 2026/05/07 10:16 p.m. | 8 views

CVE-2026-26164

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | EPSS 0.00799
Exploits: 0 | References: 1

NVD
added 2026/05/07 10:16 p.m. | 6 views

CVE-2026-26129

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | EPSS 0.01135
Exploits: 0 | References: 1