792 matches found

Positive Technologies
added 2026/05/07 12:00 a.m. | 6 views

PT-2026-38574

Name of the Vulnerable Software and Affected Versions: M365 Copilot (affected versions not specified). Description: Improper neutralization of special elements in Copilot Business Chat allows an unauthorized attacker to disclose information over a network. Recommendations: At the moment, there is no...

CVSS 7.8 | AI score 5.8 | EPSS 0.01135
Exploits: 0 | References: 11
Kaspersky
added 2026/05/07 12:00 a.m. | 11 views

KLA91032 OSI vulnerabilities in Microsoft Apps

Information disclosure vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions. Original advisories: CVE-2026-26129, CVE-2026-26164. Exploitation Related products Microsoft-365 CVE list...

CVSS 7.5 | AI score 5.7 | EPSS 0.01135
Exploits: 0 | References: 4
OSV
added 2026/05/06 12:01 p.m. | 8 views

RLSA-2026:11704 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

CVSS 7.8 | AI score 7.3 | EPSS 0.00449
Exploits: 0 | References: 3
Packet Storm News
added 2026/05/06 12:00 a.m. | 10 views

SOCpilot: Verifying Policy Compliance for LLM-Assisted Incident Response

Security operations centers (SOCs) are beginning to use large language models (LLMs) as copilots to draft incident-response plans. These plans may include actions that are valid per the catalog but still violate mandatory steps, required ordering, or approval gates before analyst review. SOCpilot mak...

AI score 5.8
Exploits: 0
vulnersOsv
added 2026/05/05 6:42 p.m. | 7 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.10) +21 more potentially affected by CVE-2026-45005 via openclaw (>=0.0.1 <=2026.4.21)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 - @xmoxmo/bncr =0.0.8 - morpho-vault-manager =0.1.0 and more Source cves: CVE-2026-45005 Source advisory: OSV:GHSA-Q8FF-7FFM-M3R9...

CVSS 6 | AI score 5.4 | EPSS 0.00288
Exploits: 0
Microsoft KB
added 2026/04/30 12:00 a.m. | 6 views

April 30, 2026—KB5083806 (OS Build 28000.1896) Preview

April 30, 2026—KB5083806 (OS Build 28000.1896) Preview. This non-security update for Windows 11, version 26H1 (KB5083806), includes production-quality improvements. To learn more about differences between security updates, optional non-security preview updates, out-of-band (OOB) updates, and...

AI score 5.4
Exploits: 0
RedhatCVE
added 2026/04/25 7:22 a.m. | 5 views

CVE-2026-33102

URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...

CVSS 9.3 | AI score 5.1 | EPSS 0.0039
Exploits: 0 | References: 1
EUVD
added 2026/04/24 12:31 a.m. | 5 views

EUVD-2026-25310

URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...

CVSS 9.3 | AI score 5.7 | EPSS 0.0039
Exploits: 0 | References: 2
NVD
added 2026/04/23 10:16 p.m. | 3 views

CVE-2026-33102

URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...

CVSS 9.3 | EPSS 0.0039
Exploits: 0 | References: 1
CVE
added 2026/04/23 9:35 p.m. | 16 views

CVE-2026-33102

Technical details of CVE-2026-33102 are not publicly available in the provided documents; monitor for updates from official sources.

CVSS 9.3 | AI score 5.7 | EPSS 0.0039
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/04/23 9:35 p.m. | 0 views

CVE-2026-33102

URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...

CVSS 9.3 | AI score 5.7 | EPSS 0.0039
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/23 9:35 p.m. | 4 views

CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability

...

CVSS 9.3 | AI score 5.1 | EPSS 0.0039
Exploits: 0 | References: 1
Cvelist
added 2026/04/23 9:35 p.m. | 28 views

CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability

...

CVSS 9.3 | EPSS 0.0039
Exploits: 0 | References: 1
vulnersOsv
added 2026/04/23 3:07 p.m. | 3 views

@alialf/cc-switch (>=1.0.0 <=1.0.1), codex-copilot-dx (>=0.1.0 <=0.1.6) potentially affected by CVE-2026-6874 via copilot-api (=0.7.0)

copilot-api NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on copilot-api and may be impacted: - @alialf/cc-switch =1.0.0, =0.1.0, =0.1.6 Source cves: CVE-2026-6874 Source advisory: SNYK:JS-COPILOTAPI-16321518...

CVSS 5.3 | AI score 5.4 | EPSS 0.00248
Exploits: 0
Snyk
added 2026/04/23 3:07 p.m. | 2 views

DNS Rebinding

Overview copilot-api is a Turn GitHub Copilot into OpenAI/Anthropic API compatible server. Usable with Claude Code! Affected versions of this package are vulnerable to DNS Rebinding in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header...

CVSS 5.3 | AI score 5.4 | EPSS 0.00248
Exploits: 0 | References: 2
Microsoft CVE
added 2026/04/23 2:00 p.m. | 4 views

Microsoft 365 Copilot Elevation of Privilege Vulnerability

URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...

CVSS 9.3 | AI score 5.7 | EPSS 0.0039
Exploits: 0
HackRead
added 2026/04/23 10:20 a.m. | 6 views

Hackers Use Hidden Website Instructions in New Attacks on AI Assistants

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot...

AI score 5.8
Exploits: 0
vulnersOsv
added 2026/04/23 12:31 a.m. | 5 views

@alialf/cc-switch (>=1.0.0 <=1.0.1), codex-copilot-dx (>=0.1.0 <=0.1.6) potentially affected by CVE-2026-6874 via copilot-api (=0.7.0)

copilot-api NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on copilot-api and may be impacted: - @alialf/cc-switch =1.0.0, =0.1.0, =0.1.6 Source cves: CVE-2026-6874 Source advisory: OSV:GHSA-3VR4-CVMG-7FX4...

CVSS 5.3 | AI score 5.4 | EPSS 0.00248
Exploits: 0
EUVD
added 2026/04/23 12:31 a.m. | 4 views

EUVD-2026-25137

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse DNS resolution. The attack may be performed remotely. The explo...

CVSS 5.3 | AI score 5.3 | EPSS 0.00248
Exploits: 0 | References: 5
OSV
added 2026/04/23 12:31 a.m. | 3 views

GHSA-3VR4-CVMG-7FX4 copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse DNS resolution. The attack may be performed remotely. The explo...

CVSS 5.3 | AI score 5.4 | EPSS 0.00248
Exploits: 0 | References: 6