Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
AnalysisAI
Remote unauthenticated command injection in Microsoft's Copilot Chat for Edge browser enables information disclosure via crafted network requests. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates attackers can exploit this remotely without authentication or user interaction, though impact is limited to confidentiality (C:H/I:N/A:N). Microsoft has released a patch per MSRC advisory. No active exploitation confirmed by CISA KEV at time of analysis, though the low attack complexity and lack of authentication requirements make this readily exploitable once technical details emerge.
Technical ContextAI
This vulnerability affects Microsoft's Copilot Chat integration within the Edge browser (CPE: cpe:2.3:a:microsoft:copilot_chat_(microsoft_edge)). The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating the application fails to properly sanitize user-controlled input before passing it to a command interpreter or system shell. In the context of a browser-integrated AI chat feature, this likely occurs when processing chat inputs, URLs, or API responses that contain special characters or command sequences. The vulnerability allows injection of malicious commands that execute in the security context of the Copilot Chat component, though scope is unchanged (S:U) meaning the vulnerable component and impacted component are the same.
RemediationAI
Apply the vendor-released patch available through Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33111. For Microsoft Edge deployments, enable automatic updates or manually update to the patched version specified in the MSRC advisory. As a temporary compensating control if patching is delayed, disable Copilot Chat functionality in Edge via Group Policy (Administrative Templates > Microsoft Edge > Enable Copilot Chat = Disabled) or edge://flags by disabling experimental AI features, though this eliminates the feature entirely. For enterprise environments, network-level controls blocking external Copilot API endpoints may reduce exposure but will also break legitimate Copilot functionality and may not prevent exploitation via cached or local command injection vectors. No workaround fully mitigates without disabling the vulnerable component.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28449
GHSA-gfjx-9vr9-m736