Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
AnalysisAI
Command injection in Microsoft 365 Copilot exposes sensitive information to unauthenticated remote attackers when a victim user interacts with attacker-controlled content, resulting in High confidentiality impact with no integrity or availability effect. The vulnerability carries a CVSS 6.5 (Medium) score, reflecting network accessibility and low attack complexity offset by a mandatory user interaction requirement. No public exploit code exists at time of analysis, and Microsoft has released an official patch documented via the Microsoft Security Response Center.
Technical ContextAI
The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command), a command injection class where attacker-influenced input is passed to an underlying command interpreter without adequate sanitization or escaping. Microsoft 365 Copilot (CPE: cpe:2.3:a:microsoft:microsoft_365_copilot:*:*:*:*:*:*:*:*) is an AI-powered assistant deeply integrated into Microsoft 365 services, processing natural language prompts and documents through backend systems. The wildcard version in the CPE indicates no specific version boundary is defined, suggesting all deployed versions prior to the patch are affected. Command injection in AI assistant products typically arises when user-supplied prompts, document content, or API parameters are interpolated into backend command strings - a risk amplified in Copilot's architecture due to its broad data access across Microsoft 365 tenant resources.
RemediationAI
Apply the vendor-released patch as directed by the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42827. The CVSS temporal metric RL:O confirms an official fix is available, though an exact patched version number is not specified in the available intelligence beyond 'patch available from vendor' - consult the MSRC advisory directly for the precise update reference. While awaiting patch deployment, compensating controls should focus on the UI:R attack gate: implement user awareness training around unsolicited links and documents that interact with Copilot, and restrict Copilot access for high-sensitivity roles or tenants handling regulated data. Additionally, enable Microsoft Purview audit logging to detect anomalous Copilot data access patterns that may indicate exploitation attempts. Note that restricting Copilot access to vetted content sources will reduce functionality and must be weighed against operational needs.
More in Microsoft 365 Copilot
View allInformation disclosure in Microsoft 365 Copilot allows remote unauthenticated attackers to exfiltrate data via command i
Privilege elevation in Microsoft 365 Copilot arises from an open redirect (CWE-601) that lets an unauthenticated remote
Information disclosure in Microsoft 365 Copilot lets a remote, unauthenticated attacker reach a security-critical functi
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31513
GHSA-3x26-xpc6-wm74