104 matches found
CVE-2026-47645
Summary: CVE-2026-47645 is an open redirect vulnerability in Microsoft 365 Copilot’s Business Chat that can lead to privilege escalation over a network. The issue is described across sources (NVD/MSRC/CVE records) as a url redirection to an untrusted site, with a CVSS v3.1 base score of 8.8 (HIGH...
CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
...
EUVD-2026-38091
Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...
EUVD-2026-37946
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-54130
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
...
CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
...
CVE-2026-54130
CVE-2026-54130 affects M365 Copilot and involves missing authentication for a critical function, enabling an unauthorized attacker to disclose information over a network. The NVD and CVE records confirm the root cause as unauthenticated access to a high-impact function, with a CVSS v3.1 base scor...
Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...
M365 Copilot Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
Reconstructing AI activity in investigations
AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...
EUVD-2026-34334
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
...
CVE-2026-42824
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
...
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
...
CVE-2026-45497
CVE-2026-45497 affects Microsoft Copilot (M365 Copilot). According to the description, it involves improper neutralization of special elements in a command (command injection) that could allow an authorized attacker to execute code over a network. The connected documents do not provide concrete t...
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
...
Microsoft M365 Copilot Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
Microsoft 365 Copilot 命令注入漏洞
Microsoft 365 Copilot is a generative AI collaboration assistant integrated into the Microsoft Office suite. Microsoft 365 Copilot has a command injection vulnerability, which stems from improper of special elements in commands. This vulnerability could allow authorized attackers to execute code...