Microsoft 365 Copilot
7 CVEs affecting Microsoft 365 Copilot. Latest disclosed: 2026-06-04. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-33102 | Critical | 9.3 | 2026-04-23 | URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-24307 | Critical | 9.3 | 2026-01-22 | Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-32711 | Critical | 9.3 | 2025-06-11 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-45497 | High | 7.7 | 2026-06-04 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a n… |
| CVE-2026-42824 | Medium | 6.5 | 2026-06-04 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information ove… |
| CVE-2026-42827 | Medium | 6.5 | 2026-05-22 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information ove… |
| CVE-2026-24299 | Medium | 5.3 | 2026-03-19 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information ove… |