Microsoft 365_copilot
34 CVEs affecting Microsoft 365_copilot. Latest disclosed: 2026-05-22. Critical: 4, High: 24.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-60724 | Critical | 9.8 | 2025-11-11 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53766 | Critical | 9.8 | 2025-08-12 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| CVE-2026-41090 | Critical | 9.3 | 2026-05-22 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering o… |
| CVE-2026-33102 | Critical | 9.3 | 2026-04-23 | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-40363 | High | 8.4 | 2026-05-12 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-26110 | High | 8.4 | 2026-03-10 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-62557 | High | 8.4 | 2025-12-09 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-62554 | High | 8.4 | 2025-12-09 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-49697 | High | 8.4 | 2025-07-08 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-49696 | High | 8.4 | 2025-07-08 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-49695 | High | 8.4 | 2025-07-08 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-47953 | High | 8.4 | 2025-06-10 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-47167 | High | 8.4 | 2025-06-10 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-47164 | High | 8.4 | 2025-06-10 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-47162 | High | 8.4 | 2025-06-10 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-30386 | High | 8.4 | 2025-05-13 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-42831 | High | 7.8 | 2026-05-12 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-26134 | High | 7.8 | 2026-03-10 | Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. |
| CVE-2025-62199 | High | 7.8 | 2025-11-11 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-59234 | High | 7.8 | 2025-10-14 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |