Skip to main content

Microsoft 365 Copilot CVE-2026-26129

| EUVDEUVD-2026-28445 HIGH
Improper Neutralization of Special Elements (CWE-138)
2026-05-07 microsoft GHSA-hpvr-rjcg-4q53
7.5
CVSS 3.1 · NVD
Temporal: 6.5
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
6.5 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 07, 2026 - 22:01 vuln.today
CVE Published
May 07, 2026 - 20:58 nvd
HIGH 7.5

DescriptionCVE.org

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

AnalysisAI

Remote unauthenticated attackers can disclose sensitive information from Microsoft 365 Copilot's Business Chat through improper input neutralization (CVSS 7.5). The vulnerability allows network-based exploitation with low complexity and no user interaction required. Vendor-released patch available via Microsoft Security Response Center (MSRC-2026-26129). No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of authentication requirements (PR:N) increase realistic exploitation risk.

Technical ContextAI

This vulnerability stems from CWE-138 (Improper Neutralization of Special Elements), where M365 Copilot's Business Chat component fails to properly sanitize or validate special characters or control sequences in user-supplied input. CWE-138 typically involves injection-style flaws where attackers embed specially crafted elements that are interpreted by downstream systems in unintended ways. In AI/LLM contexts like Copilot, this could manifest as prompt injection attacks where malicious input bypasses access controls or leaks data from the language model's context window. The affected component per CPE is specifically microsoft:microsoft_365_copilot's_business_chat, which integrates with organizational data sources to provide AI-assisted responses. The CVSS vector confirms network-accessible exploitation (AV:N) with unchanged scope (S:U), meaning the vulnerable component and impacted resources operate within the same security authority.

RemediationAI

Apply the vendor-released patch available through Microsoft Security Response Center advisory CVE-2026-26129 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26129. Microsoft typically delivers M365 Copilot updates through the Microsoft 365 Admin Center or via automatic update channels for enterprise deployments. Administrators should verify successful patch deployment through the Microsoft 365 compliance center or endpoint management tools. If immediate patching is not feasible, consider temporarily disabling M365 Copilot's Business Chat feature for affected users through Microsoft 365 Admin Center (Users > Active users > Licenses and apps > disable Copilot license) until patches can be applied, though this eliminates productivity benefits of the AI assistant. Alternatively, implement network-level access controls to restrict Copilot Business Chat API endpoints to trusted internal networks only, reducing exposure to external attackers, though this may interfere with legitimate remote worker access and mobile usage scenarios. Monitor Microsoft 365 audit logs for unusual Copilot query patterns or data access anomalies that could indicate exploitation attempts.

Share

CVE-2026-26129 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy