Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
AnalysisAI
Remote unauthenticated attackers can disclose sensitive information from Microsoft 365 Copilot's Business Chat through improper input neutralization (CVSS 7.5). The vulnerability allows network-based exploitation with low complexity and no user interaction required. Vendor-released patch available via Microsoft Security Response Center (MSRC-2026-26129). No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of authentication requirements (PR:N) increase realistic exploitation risk.
Technical ContextAI
This vulnerability stems from CWE-138 (Improper Neutralization of Special Elements), where M365 Copilot's Business Chat component fails to properly sanitize or validate special characters or control sequences in user-supplied input. CWE-138 typically involves injection-style flaws where attackers embed specially crafted elements that are interpreted by downstream systems in unintended ways. In AI/LLM contexts like Copilot, this could manifest as prompt injection attacks where malicious input bypasses access controls or leaks data from the language model's context window. The affected component per CPE is specifically microsoft:microsoft_365_copilot's_business_chat, which integrates with organizational data sources to provide AI-assisted responses. The CVSS vector confirms network-accessible exploitation (AV:N) with unchanged scope (S:U), meaning the vulnerable component and impacted resources operate within the same security authority.
RemediationAI
Apply the vendor-released patch available through Microsoft Security Response Center advisory CVE-2026-26129 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26129. Microsoft typically delivers M365 Copilot updates through the Microsoft 365 Admin Center or via automatic update channels for enterprise deployments. Administrators should verify successful patch deployment through the Microsoft 365 compliance center or endpoint management tools. If immediate patching is not feasible, consider temporarily disabling M365 Copilot's Business Chat feature for affected users through Microsoft 365 Admin Center (Users > Active users > Licenses and apps > disable Copilot license) until patches can be applied, though this eliminates productivity benefits of the AI assistant. Alternatively, implement network-level access controls to restrict Copilot Business Chat API endpoints to trusted internal networks only, reducing exposure to external attackers, though this may interfere with legitimate remote worker access and mobile usage scenarios. Monitor Microsoft 365 audit logs for unusual Copilot query patterns or data access anomalies that could indicate exploitation attempts.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28445
GHSA-hpvr-rjcg-4q53