365 Word Copilot
1 CVEs
product
Monthly
Information disclosure in Microsoft 365 Word Copilot enables unauthenticated attackers to extract sensitive data through improper handling of escape and control sequences in network communications. The vulnerability requires user interaction to trigger and affects the Copilot AI/ML service with a CVSS score of 7.4. No patch is currently available.
Information Disclosure
AI / ML
365 Word Copilot
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-21521
EPSS 0%
CVSS 7.4
HIGH
This Week
Information disclosure in Microsoft 365 Word Copilot enables unauthenticated attackers to extract sensitive data through improper handling of escape and control sequences in network communications. The vulnerability requires user interaction to trigger and affects the Copilot AI/ML service with a CVSS score of 7.4. No patch is currently available.
Information Disclosure
AI / ML
365 Word Copilot
NVD