Microsoft Microsoft 365 Word Copilot
2 CVEs affecting Microsoft Microsoft 365 Word Copilot. Latest disclosed: 2026-01-22. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-59252 | Critical | 9.3 | 2025-10-09 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a nā¦ |
CVE-2026-21521 | High | 7.4 | 2026-01-22 | Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network. |