Microsoft 365 Copilot For Ios
Monthly
Privilege elevation in Microsoft 365 Copilot for iOS lets a remote, unauthenticated attacker gain elevated access after a targeted user is lured into interacting with attacker-controlled content, per Microsoft's MSRC advisory. The flaw stems from improper access control (CWE-284) and carries a High CVSS 3.1 base score of 8.1 with high confidentiality and integrity impact but no availability impact. No public exploit has been identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.
Remote code execution in the Microsoft 365 Copilot mobile apps for Android and iOS lets an unauthenticated attacker run code across a security boundary by getting a user to interact with crafted content (CWE-77 command injection). The CVSS 9.6 rating reflects network reach, low complexity, no privileges, and a changed scope with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, but a vendor patch is available and the flaw was self-reported by Microsoft.
CVE-2026-26133 is an AI command injection vulnerability in Microsoft 365 Copilot and multiple Microsoft mobile/desktop applications that allows remote attackers to disclose sensitive information through crafted AI prompts. The vulnerability affects numerous Microsoft products across iOS, Android, and macOS platforms, requires user interaction, and has a patch available from Microsoft with no current evidence of active exploitation (not in KEV).
Privilege elevation in Microsoft 365 Copilot for iOS lets a remote, unauthenticated attacker gain elevated access after a targeted user is lured into interacting with attacker-controlled content, per Microsoft's MSRC advisory. The flaw stems from improper access control (CWE-284) and carries a High CVSS 3.1 base score of 8.1 with high confidentiality and integrity impact but no availability impact. No public exploit has been identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.
Remote code execution in the Microsoft 365 Copilot mobile apps for Android and iOS lets an unauthenticated attacker run code across a security boundary by getting a user to interact with crafted content (CWE-77 command injection). The CVSS 9.6 rating reflects network reach, low complexity, no privileges, and a changed scope with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, but a vendor patch is available and the flaw was self-reported by Microsoft.
CVE-2026-26133 is an AI command injection vulnerability in Microsoft 365 Copilot and multiple Microsoft mobile/desktop applications that allows remote attackers to disclose sensitive information through crafted AI prompts. The vulnerability affects numerous Microsoft products across iOS, Android, and macOS platforms, requires user interaction, and has a patch available from Microsoft with no current evidence of active exploitation (not in KEV).