Skip to main content

Copilot Chat (Microsoft Edge) EUVDEUVD-2026-28449

| CVE-2026-33111 HIGH
Command Injection (CWE-77)
2026-05-07 microsoft GHSA-gfjx-9vr9-m736
7.5
CVSS 3.1 · NVD
Temporal: 6.5
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
6.5 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 07, 2026 - 22:01 vuln.today
CVE Published
May 07, 2026 - 20:58 nvd
HIGH 7.5

DescriptionCVE.org

Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

AnalysisAI

Remote unauthenticated command injection in Microsoft's Copilot Chat for Edge browser enables information disclosure via crafted network requests. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates attackers can exploit this remotely without authentication or user interaction, though impact is limited to confidentiality (C:H/I:N/A:N). Microsoft has released a patch per MSRC advisory. No active exploitation confirmed by CISA KEV at time of analysis, though the low attack complexity and lack of authentication requirements make this readily exploitable once technical details emerge.

Technical ContextAI

This vulnerability affects Microsoft's Copilot Chat integration within the Edge browser (CPE: cpe:2.3:a:microsoft:copilot_chat_(microsoft_edge)). The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating the application fails to properly sanitize user-controlled input before passing it to a command interpreter or system shell. In the context of a browser-integrated AI chat feature, this likely occurs when processing chat inputs, URLs, or API responses that contain special characters or command sequences. The vulnerability allows injection of malicious commands that execute in the security context of the Copilot Chat component, though scope is unchanged (S:U) meaning the vulnerable component and impacted component are the same.

RemediationAI

Apply the vendor-released patch available through Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33111. For Microsoft Edge deployments, enable automatic updates or manually update to the patched version specified in the MSRC advisory. As a temporary compensating control if patching is delayed, disable Copilot Chat functionality in Edge via Group Policy (Administrative Templates > Microsoft Edge > Enable Copilot Chat = Disabled) or edge://flags by disabling experimental AI features, though this eliminates the feature entirely. For enterprise environments, network-level controls blocking external Copilot API endpoints may reduce exposure but will also break legitimate Copilot functionality and may not prevent exploitation via cached or local command injection vectors. No workaround fully mitigates without disabling the vulnerable component.

Share

EUVD-2026-28449 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy