Skip to main content

Microsoft 365 Copilot CVE-2026-26164

| EUVDEUVD-2026-28446 HIGH
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-05-07 microsoft GHSA-qvcj-rgrx-wm72
7.5
CVSS 3.1 · NVD
Temporal: 6.5
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
6.5 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 07, 2026 - 22:00 vuln.today
CVE Published
May 07, 2026 - 20:58 nvd
HIGH 7.5

DescriptionCVE.org

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

AnalysisAI

Injection vulnerability in Microsoft 365 Copilot's Business Chat enables remote unauthenticated attackers to extract sensitive information through specially crafted inputs. Microsoft has released a patch addressing this CWE-74 injection flaw. With CVSS 7.5 (High), network-accessible attack vector, and no authentication required, this represents a significant exposure for organizations using Copilot Business Chat, though no active exploitation is confirmed at time of analysis.

Technical ContextAI

CWE-74 describes improper neutralization of special elements passed to downstream components - a classic injection vulnerability class. In this context, Microsoft 365 Copilot's Business Chat (cpe:2.3:a:microsoft:microsoft_365_copilot's_business_chat) likely processes user-supplied prompts or queries that are then passed to backend AI/LLM components, data retrieval systems, or integrated Microsoft Graph APIs. The vulnerability suggests that specially crafted input containing control characters, prompt injection sequences, or markup elements is not properly sanitized before being used by downstream processing components. This could allow attackers to manipulate the semantic context of Copilot queries, bypass access controls in integrated data sources, or extract information from contexts outside the attacker's authorized scope. Similar injection classes in AI assistants have enabled extraction of system prompts, retrieval of other users' data, or exfiltration of information from connected enterprise resources.

RemediationAI

Apply the vendor-released patch immediately via Microsoft 365 admin center or through standard Microsoft 365 update channels, as detailed in the official advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26164. Microsoft typically deploys Copilot fixes through backend service updates that apply automatically to tenant environments, but administrators should verify update status in the Microsoft 365 admin center under Health > Service health. If immediate patching cannot be achieved, consider temporarily disabling Microsoft 365 Copilot Business Chat feature through tenant-level policies until the fix is confirmed deployed. This can be accomplished via Microsoft 365 admin center under Settings > Org settings > Copilot, though this eliminates productivity benefits of the service. Network-level controls are ineffective given the cloud-hosted nature of the service. For high-sensitivity environments, implement data loss prevention (DLP) policies to limit Copilot's access to classified or regulated data sources until patching is verified, accepting reduced functionality as trade-off.

Share

CVE-2026-26164 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy