Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.
AnalysisAI
Microsoft Copilot is vulnerable to command injection through improper neutralization of special elements in user input, allowing an unauthenticated attacker to execute arbitrary commands and disclose sensitive information over the network. The vulnerability affects Microsoft Copilot (version details unspecified in available advisories) and requires user interaction to trigger. While no public proof-of-concept or active exploitation in the wild has been confirmed in the provided intelligence, the moderate CVSS score of 6.5 with high confidentiality impact warrants prompt patching.
Technical ContextAI
The vulnerability is rooted in CWE-77 (Improper Neutralization of Special Elements used in a Command, also known as command injection), a class of input validation flaw where user-supplied data is concatenated into system commands without proper sanitization or escaping. In the context of Microsoft Copilot, an AI assistant that processes natural language input and may invoke backend services or system calls, insufficient input validation on command construction allows an attacker to inject shell metacharacters or command separators (such as pipes, semicolons, backticks, or command substitution operators) to alter the intended command structure. The network-accessible nature of Copilot (AV:N in CVSS vector) combined with low attack complexity (AC:L) indicates the vulnerable code path is directly reachable and does not require special configuration or authentication to reach the vulnerable input handler, though user interaction (UI:R) is required to deliver the payload.
RemediationAI
Immediately apply the security patch released by Microsoft for Copilot as documented in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26136; this is the primary and recommended remediation. Until patches can be applied, organizations should implement input validation and sanitization policies that restrict or filter special shell characters from user prompts sent to Copilot, enforce strict Content Security Policy (CSP) headers if Copilot is web-based, and limit Copilot deployment to trusted users with strict authentication controls. Network-level mitigations such as deploying Copilot behind a Web Application Firewall (WAF) configured to detect and block command injection patterns (e.g., backticks, $(…), |, ;, &, &&, ||) may reduce attack surface. Monitor Copilot logs for suspicious command patterns or error messages that may indicate injection attempts.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13182