Copilot Studio

copilot_studio

Vendor: Microsoft • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21520 1Microsoft 1Copilot Studio Feb 2, 2026 Jan 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
CVE-2024-49038 1Microsoft 1Copilot Studio Jan 9, 2025 Nov 26, 2024 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
CVE-2024-43610 1Microsoft 1Copilot Studio Jan 10, 2025 Oct 9, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
CVE-2024-38206 1Microsoft 1Copilot Studio Aug 14, 2024 Aug 6, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.