Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
AnalysisAI
Injection vulnerability in Microsoft 365 Copilot's Business Chat enables remote unauthenticated attackers to extract sensitive information through specially crafted inputs. Microsoft has released a patch addressing this CWE-74 injection flaw. With CVSS 7.5 (High), network-accessible attack vector, and no authentication required, this represents a significant exposure for organizations using Copilot Business Chat, though no active exploitation is confirmed at time of analysis.
Technical ContextAI
CWE-74 describes improper neutralization of special elements passed to downstream components - a classic injection vulnerability class. In this context, Microsoft 365 Copilot's Business Chat (cpe:2.3:a:microsoft:microsoft_365_copilot's_business_chat) likely processes user-supplied prompts or queries that are then passed to backend AI/LLM components, data retrieval systems, or integrated Microsoft Graph APIs. The vulnerability suggests that specially crafted input containing control characters, prompt injection sequences, or markup elements is not properly sanitized before being used by downstream processing components. This could allow attackers to manipulate the semantic context of Copilot queries, bypass access controls in integrated data sources, or extract information from contexts outside the attacker's authorized scope. Similar injection classes in AI assistants have enabled extraction of system prompts, retrieval of other users' data, or exfiltration of information from connected enterprise resources.
RemediationAI
Apply the vendor-released patch immediately via Microsoft 365 admin center or through standard Microsoft 365 update channels, as detailed in the official advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26164. Microsoft typically deploys Copilot fixes through backend service updates that apply automatically to tenant environments, but administrators should verify update status in the Microsoft 365 admin center under Health > Service health. If immediate patching cannot be achieved, consider temporarily disabling Microsoft 365 Copilot Business Chat feature through tenant-level policies until the fix is confirmed deployed. This can be accomplished via Microsoft 365 admin center under Settings > Org settings > Copilot, though this eliminates productivity benefits of the service. Network-level controls are ineffective given the cloud-hosted nature of the service. For high-sensitivity environments, implement data loss prevention (DLP) policies to limit Copilot's access to classified or regulated data sources until patching is verified, accepting reduced functionality as trade-off.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28446
GHSA-qvcj-rgrx-wm72