Skip to main content

Copilot Studio

4 CVEs product

Monthly

CVE-2026-21520 HIGH PATCH This Week

Unauthenticated attackers can remotely access sensitive information in Microsoft Copilot Studio due to improper access controls, requiring no authentication or user interaction. This network-based vulnerability exposes confidential data to unauthorized disclosure with no patch currently available.

Command Injection AI / ML Copilot Studio
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-49038 CRITICAL Act Now

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Copilot Studio
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2024-43610 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Copilot Studio
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-38206 MEDIUM PATCH This Month

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF Microsoft Copilot Studio
NVD
CVSS 3.1
6.5
EPSS
12.3%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated attackers can remotely access sensitive information in Microsoft Copilot Studio due to improper access controls, requiring no authentication or user interaction. This network-based vulnerability exposes confidential data to unauthorized disclosure with no patch currently available.

Command Injection AI / ML Copilot Studio
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Copilot Studio
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Copilot Studio
NVD
EPSS 12% CVSS 6.5
MEDIUM PATCH This Month

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF Microsoft Copilot Studio
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy