Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
AnalysisAI
Injection (CWE-74) in Copilot Chat within Microsoft Edge enables unauthenticated remote attackers to disclose sensitive information when a victim user interacts with maliciously crafted content. The vulnerability resides in improper neutralization of special elements passed to a downstream component of the chat pipeline, resulting in high confidentiality impact with no integrity or availability effect. No public exploit code exists at time of analysis (CVSS E:U), and Microsoft has released an official patch per MSRC advisory CVE-2026-47644.
Technical ContextAI
CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) covers injection classes where attacker-controlled input is passed unsanitized to a downstream processing stage. In the context of Copilot Chat embedded in Microsoft Edge, the downstream component is likely the chat rendering or response-processing pipeline - making this consistent with a prompt injection or content injection pattern where specially crafted input manipulates how the output is interpreted or rendered, ultimately leaking data accessible to the chat session. The affected CPE (cpe:2.3:a:microsoft:copilot_chat_(microsoft_edge):*:*:*:*:*:*:*:*) uses a wildcard version field, indicating all released versions of Copilot Chat within Microsoft Edge are within scope. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms the attack originates over the network at low complexity, requires no privileges on the attacker side, but does require user interaction to trigger.
RemediationAI
Apply the vendor-released patch per Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47644. Patch availability is confirmed (RL:O in the CVSS temporal vector and vendor-reported patch status), though an exact fixed version number was not independently specified in the available intelligence - consult the MSRC page for the precise update version and update channel. Ensuring Microsoft Edge is configured for automatic updates via Group Policy (AutoUpdateEnabled) or manual update via edge://settings/help will deliver the patch. As a compensating control prior to patching, administrators in enterprise environments can restrict or disable the Copilot Chat feature in Edge via the EdgeCopilotEnabled Group Policy key, which removes the attack surface entirely but also disables the feature for all users. Organizations should also train users to avoid interacting with Copilot Chat sessions initiated via untrusted content or links, given that UI:R is the key prerequisite for exploitation.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34336
GHSA-6w62-wfvj-6pfp