CVE-2026-26137

EUVD-2026-13184 CRITICAL
2026-03-19 [email protected]
CVSS 3.1: 9.9

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 19, 2026 - 21:30 (vuln.today)
EUVD ID Assigned: Mar 19, 2026 - 21:30 (euvd), EUVD-2026-13184
CVE Published: Mar 19, 2026 - 21:17 (nvd), CRITICAL 9.9

Description

Server-side request forgery (SSRF) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

Analysis

Microsoft 365 Copilot's Business Chat contains a server-side request forgery vulnerability that allows authenticated users to escalate privileges across network boundaries. An attacker with valid credentials can exploit this flaw to access or manipulate resources beyond their intended authorization level. …


Remediation

Within 24 hours: Identify all users with Microsoft 365 Copilot Business Chat access and document current usage patterns. Within 7 days: Implement network segmentation to restrict Copilot service communication, enforce strict outbound firewall rules, and deploy WAF policies to block suspicious SSRF patterns. …


Priority Score

50 (scale: Low, Medium, High, Critical)
KEV: 0
EPSS: +0.1
CVSS: +50
POC: 0
