365 Copilot Chat

365_copilot_chat

Vendor: Microsoft • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-26164 1Microsoft 1365 Copilot Chat Jun 1, 2026 May 7, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26129 1Microsoft 1365 Copilot Chat Jun 1, 2026 May 7, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26137 1Microsoft 1365 Copilot Chat Mar 27, 2026 Mar 19, 2026 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.
CVE-2025-59286 1Microsoft 1365 Copilot Chat Dec 11, 2025 Oct 9, 2025 N/A· v4 9.3 CRITICAL· v3 N/A· v2 Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-59272 1Microsoft 1365 Copilot Chat Dec 11, 2025 Oct 9, 2025 N/A· v4 9.3 CRITICAL· v3 N/A· v2 Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally.
CVE-2025-53787 1Microsoft 1365 Copilot Chat Aug 14, 2025 Aug 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-53774 1Microsoft 1365 Copilot Chat Aug 14, 2025 Aug 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability