Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.
AnalysisAI
Privilege elevation in Microsoft 365 Copilot for iOS lets a remote, unauthenticated attacker gain elevated access after a targeted user is lured into interacting with attacker-controlled content, per Microsoft's MSRC advisory. The flaw stems from improper access control (CWE-284) and carries a High CVSS 3.1 base score of 8.1 with high confidentiality and integrity impact but no availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, identify all iOS devices running Microsoft 365 Copilot and flag for expedited patching. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote code execution in the Microsoft 365 Copilot mobile apps for Android and iOS lets an unauthenticated attacker run
CVE-2026-26133 is an AI command injection vulnerability in Microsoft 365 Copilot and multiple Microsoft mobile/desktop a
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44305
GHSA-fw44-xwgm-pf69