Is Command Injection affected by CVE-2026-26133?

CVE-2026-26133 is a high-severity AI command injection vulnerability affecting Microsoft 365 Copilot and multiple Microsoft applications on iOS, Android, and macOS that could allow attackers to extract sensitive information through crafted prompts.

CVE-2026-26133

EUVD-2026-12111 HIGH

2026-03-13 microsoft

7.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 13, 2026 - 22:01 vuln.today

EUVD ID Assigned

Mar 13, 2026 - 22:01 euvd

EUVD-2026-12111

Patch Released

Mar 13, 2026 - 22:01 nvd

Patch available

CVE Published

Mar 13, 2026 - 21:10 nvd

HIGH 7.1

Description

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Analysis

CVE-2026-26133 is an AI command injection vulnerability in Microsoft 365 Copilot and multiple Microsoft mobile/desktop applications that allows remote attackers to disclose sensitive information through crafted AI prompts. The vulnerability affects numerous Microsoft products across iOS, Android, and macOS platforms, requires user interaction, and has a patch available from Microsoft with no current evidence of active exploitation (not in KEV).

Remediation

Within 24 hours: Identify and inventory all affected Microsoft applications (Copilot, mobile/desktop apps) deployed across the organization and assess which users have access. Within 7 days: Deploy available Microsoft patches across all affected systems, prioritizing business-critical users and those handling sensitive data; communicate patch requirements to end users. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +36

POC: 0

CVE-2026-26133 vulnerability details – vuln.today

Back

CVE-2026-26133

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-26133

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code