90 matches found
CVE-2026-45497
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
CVE-2026-45497
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
CVE-2026-42824
CVE-2026-42824: Improper neutralization of special elements used in a command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. Connected documents do not provide additional technical details (affected versions, exploitable vectors, or fixes) in the...
M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
PT-2026-46402
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
CVE-2026-41090
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-41090
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-41090 Microsoft Copilot Tampering Vulnerability
...
CVE-2026-41090 Microsoft Copilot Tampering Vulnerability
...
CVE-2026-41090
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-41090
CVE-2026-41090 affects Microsoft Copilot. The vulnerability arises from improper neutralization of elements used in a command (command injection) that enables tampering over a network. The CVSS‑3.1 vector indicates network attack, high confidentiality and integrity impact, no availability impact,...
EUVD-2026-31512
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-42827 M365 Copilot Information Disclosure Vulnerability
...
PT-2026-42846
Name of the Vulnerable Software and Affected Versions Microsoft Copilot affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to perform tampering over a network. Recommendations At th...
Microsoft 365 Copilot 命令注入漏洞
Microsoft 365 Copilot is a generative AI collaboration assistant integrated into the Microsoft Office suite. Microsoft 365 Copilot has a command injection vulnerability, which stems from improper of special elements during command injections. This vulnerability could allow unauthorized attackers ...
M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
Microsoft Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
KLA91072 Multiple vulnerabilities in Microsoft Apps
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in M365 Copilot can be exploited remotely to obta...
CVE-2026-41100
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...
CVE-2026-41614
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...