EUVD-2026-12111

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2026-26133

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability

...

CVE-2026-26133

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability

...

CVE-2026-26133

CVE-2026-26133 involves an AI command injection vulnerability in Microsoft 365 Copilot that can lead to unauthorized disclosure of information over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) indicates a network-accessible issue with no privileges required but user intera...

M365 Copilot Information Disclosure Vulnerability

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...

Microsoft多款产品 安全漏洞

Microsoft Excel is a product of the American company Microsoft. Microsoft Excel is a spreadsheet processing software within the Office suite. Microsoft Edge is a web browser that comes with systems running Windows 10 and later versions. Microsoft Word is a word processing software within the Offi...

PT-2026-24950

Name of the Vulnerable Software and Affected Versions Microsoft 365 Copilot affected versions not specified Description An AI command injection issue exists in Microsoft 365 Copilot, potentially allowing an unauthorized attacker to disclose information over a network. This issue is related to...

PT-2026-24662

Name of the Vulnerable Software and Affected Versions mlflow/mlflow versions prior to 3.10.0 Description An unauthenticated remote attacker can read arbitrary files from the server's filesystem. The issue occurs in the create model version handler of mlflow/server/handlers.py when a...

KLA90920 Multiple vulnerabilities in Microsoft Open Source Software

Multiple vulnerabilities were found in Microsoft Open Source Software. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerabilitycan be exploited remotely to execu...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-27646 via openclaw (>=2026.3.22 <=2026.3.31)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-27646 Source advisory: SNYK:JS-OPENCLAW-15443498...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.31)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15443477...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.31)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15443481...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by unknown CVE via openclaw (>=2026.3.22 <=2026.3.31)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OPENCLAW-15443478...

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework

For the last few months, we've been using the GitHub Security Lab Taskflow Agent along with a new set of auditing taskflows that specialize in finding web security vulnerabilities. They also turn out to be very successful at finding high-impact vulnerabilities in open source projects. As security...

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

Command Injection

Overview @github/copilot is a GitHub Copilot CLI brings the power of Copilot coding agent directly to your terminal. Affected versions of this package are vulnerable to Command Injection via crafted bash parameter expansion patterns in the shell command assessment process. An attacker can execute...

@george.talusan/node-red-contrib-copilot (>=0.0.5 <=1.0.5), @github/copilot-sdk (>=0.1.9 <=0.1.31-unstable.0) +19 more potentially affected by CVE-2026-29783 via @github/copilot (>=0.0.375 <=0.0.421)

@github/copilot NPM version =0.0.375, =0.0.5, =0.1.9, =1.1.0, =0.0.0, =0.0.1, =1.2.3, =0.6.0, =1.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.15 - devdoctor-js =0.1.0 and more Source cves: CVE-2026-29783 Source advisory: SNYK:JS-GITHUBCOPILOT-15468228...