Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Remote unauthenticated network input with low complexity and no user interaction justifies AV:N/AC:L/PR:N/UI:N; impact is tampering only, so I:H with C:N and A:N.
Primary rating from Vendor (microsoft).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
7DescriptionNVD
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
AnalysisAI
Command injection in Microsoft 365 Copilot lets a remote, unauthenticated attacker tamper with data and integrity over the network by injecting unneutralized special elements into a command (CWE-77). The flaw carries a CVSS 7.5 driven entirely by high integrity impact, with no confidentiality or availability loss. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), no special conditions are required - remote, unauthenticated, low-complexity exploitation against the Microsoft 365 Copilot service over the network with no user interaction. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and lean toward moderate, not urgent, priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker submits crafted input containing unneutralized special characters to a 365 Copilot interface, causing the constructed command to be altered and producing an unintended, attacker-influenced result that tampers with data or output integrity. No authentication or user interaction is required per the CVSS vector, but no public exploit code has been identified, so any attack would currently require independent development. |
| Remediation | Patch available per vendor advisory: Microsoft reports the fix is available and, because 365 Copilot is a cloud service, the mitigation is applied server-side by Microsoft with no customer action required to receive it - confirm your tenant is current via the Microsoft advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42895. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory Microsoft 365 Copilot deployments and users; enable Microsoft security notifications. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in 365 Copilot
View allCVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-ba
Microsoft Office app Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remo
M365 Copilot has an input validation vulnerability allowing unauthorized attackers to extract sensitive information thro
Privilege elevation in Microsoft 365 Copilot's Business Chat is possible when an attacker abuses an open redirect (CWE-6
Local code execution in Microsoft Office is possible via a heap-based buffer overflow that an unauthorized attacker can
Local code execution in Microsoft Office is possible through a heap-based buffer overflow that an unauthorized attacker
Local code execution in Microsoft Office via a heap-based buffer overflow allows an unauthorized attacker to run arbitra
Local code execution in Microsoft Office via a heap-based buffer overflow that lets an unauthorized attacker run arbitra
M365 Copilot is vulnerable to command injection that enables unauthenticated remote attackers to extract sensitive infor
Out-of-bounds read (buffer over-read) in Microsoft Office exposes sensitive memory contents to a local attacker who can
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38087
GHSA-fp2r-x59w-m577