CVE-2024-49038

CVE-2024-49038 affects Microsoft Copilot Studio. The flaw is improper neutralization of input during web page generation (XSS) that an unauthorized attacker can exploit to elevate privileges over a network. Affected: Copilot Studio (Microsoft). Root cause described as input handling in web page g...

CVE-2024-38206

Microsoft Copilot Studio contains CVE-2024-38206: an authenticated attacker can bypass SSRF protections to leak sensitive information over the network. Affected product: Microsoft Copilot Studio. Root cause per the entry is insufficient validation allowing SSRF bypass. Impact is information discl...

CVE-2024-43610

CVE-2024-43610 concerns an information disclosure in Microsoft Copilot Studio. The connected PT-2024-7988 entry identifies Copilot Studio as the affected software and states that the vulnerability involves exposure of sensitive information to unauthorized actors via a network attack vector, explo...

CVE-2026-21520

CVE-2026-21520 is a Copilot Studio information disclosure vulnerability with a network attack vector, allowing an unauthenticated attacker to view sensitive information. The NVD/MSRC entry attributes a CVSS v3.1 base score of 7.5 (HIGH) and confirms network access with no privileges. Red Hat and ...