Microsoft Microsoft 365 Copilot's Business Chat
6 CVEs affecting Microsoft Microsoft 365 Copilot's Business Chat. Latest disclosed: 2026-05-07. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-59286 | Critical | 9.3 | 2025-10-09 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a n… |
CVE-2025-59272 | Critical | 9.3 | 2025-10-09 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosur… |
CVE-2025-53787 | High | 8.2 | 2025-08-07 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
CVE-2026-26164 | High | 7.5 | 2026-05-07 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information ove… |
CVE-2026-26129 | High | 7.5 | 2026-05-07 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information ove… |
CVE-2025-53774 | Medium | 6.5 | 2025-08-07 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |