108 matches found
CVE-2026-47645
URL redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-42895
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
...
EUVD-2026-38087
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-42895 Microsoft Copilot Tampering Vulnerability
...
CVE-2026-42895
CVE-2026-42895 describes an improper neutralization of special elements used in a command ("command injection") in Microsoft Copilot, allowing a remote attacker to tamper with data over a network. The available sources identify the affected product as Microsoft Copilot and classify the vulnerabil...
PT-2026-51032
Name of the Vulnerable Software and Affected Versions: Microsoft 365 Copilot's Business Chat (affected versions not specified). Description: An open redirect issue exists, which is a flaw that allows a user to be redirected to an untrusted external website. This can enable an unauthorized attacker to...
Microsoft Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
PT-2026-50802
Name of the Vulnerable Software and Affected Versions: M365 Copilot (affected versions not specified). Description: A missing authentication flaw in a critical function allows an unauthorized attacker to disclose information over a network. Recommendations: At the moment, there is no information about ...
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link...
Reconstructing AI activity in investigations
AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...
CVE-2026-42824
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-45497
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
CVE-2026-42824
Technical details (affected products, root cause specifics, exploit vectors, and fixes) are not publicly available in the provided documents. Monitor official advisories for updates.
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
...
M365 Copilot Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...