Skip to main content

Copilot Chat EUVDEUVD-2026-34336

| CVE-2026-47644 MEDIUM
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-06-04 microsoft GHSA-6w62-wfvj-6pfp
6.5
CVSS 3.1 · NVD
Temporal: 5.7
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CIRCL (temporal)
5.7 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 04, 2026 - 23:03 vuln.today
CVE Published
Jun 04, 2026 - 22:00 nvd
MEDIUM 6.5

DescriptionCVE.org

Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

AnalysisAI

Injection (CWE-74) in Copilot Chat within Microsoft Edge enables unauthenticated remote attackers to disclose sensitive information when a victim user interacts with maliciously crafted content. The vulnerability resides in improper neutralization of special elements passed to a downstream component of the chat pipeline, resulting in high confidentiality impact with no integrity or availability effect. No public exploit code exists at time of analysis (CVSS E:U), and Microsoft has released an official patch per MSRC advisory CVE-2026-47644.

Technical ContextAI

CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) covers injection classes where attacker-controlled input is passed unsanitized to a downstream processing stage. In the context of Copilot Chat embedded in Microsoft Edge, the downstream component is likely the chat rendering or response-processing pipeline - making this consistent with a prompt injection or content injection pattern where specially crafted input manipulates how the output is interpreted or rendered, ultimately leaking data accessible to the chat session. The affected CPE (cpe:2.3:a:microsoft:copilot_chat_(microsoft_edge):*:*:*:*:*:*:*:*) uses a wildcard version field, indicating all released versions of Copilot Chat within Microsoft Edge are within scope. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms the attack originates over the network at low complexity, requires no privileges on the attacker side, but does require user interaction to trigger.

RemediationAI

Apply the vendor-released patch per Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47644. Patch availability is confirmed (RL:O in the CVSS temporal vector and vendor-reported patch status), though an exact fixed version number was not independently specified in the available intelligence - consult the MSRC page for the precise update version and update channel. Ensuring Microsoft Edge is configured for automatic updates via Group Policy (AutoUpdateEnabled) or manual update via edge://settings/help will deliver the patch. As a compensating control prior to patching, administrators in enterprise environments can restrict or disable the Copilot Chat feature in Edge via the EdgeCopilotEnabled Group Policy key, which removes the attack surface entirely but also disables the feature for all users. Organizations should also train users to avoid interacting with Copilot Chat sessions initiated via untrusted content or links, given that UI:R is the key prerequisite for exploitation.

Share

EUVD-2026-34336 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy