Skip to main content

Microsoft 365 Copilot S Business Chat

2 CVEs product

Monthly

CVE-2026-26129 HIGH PATCH NEWS NO ACTION HOSTED Monitor

Remote unauthenticated attackers can disclose sensitive information from Microsoft 365 Copilot's Business Chat through improper input neutralization (CVSS 7.5). The vulnerability allows network-based exploitation with low complexity and no user interaction required. Vendor-released patch available via Microsoft Security Response Center (MSRC-2026-26129). No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of authentication requirements (PR:N) increase realistic exploitation risk.

Information Disclosure Microsoft 365 Copilot S Business Chat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26164 HIGH PATCH NEWS NO ACTION HOSTED Exploit Unlikely Monitor

Injection vulnerability in Microsoft 365 Copilot's Business Chat enables remote unauthenticated attackers to extract sensitive information through specially crafted inputs. Microsoft has released a patch addressing this CWE-74 injection flaw. With CVSS 7.5 (High), network-accessible attack vector, and no authentication required, this represents a significant exposure for organizations using Copilot Business Chat, though no active exploitation is confirmed at time of analysis.

Information Disclosure Microsoft 365 Copilot S Business Chat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH PATCH NO ACTION HOSTED Monitor

Remote unauthenticated attackers can disclose sensitive information from Microsoft 365 Copilot's Business Chat through improper input neutralization (CVSS 7.5). The vulnerability allows network-based exploitation with low complexity and no user interaction required. Vendor-released patch available via Microsoft Security Response Center (MSRC-2026-26129). No public exploit identified at time of analysis, though the low attack complexity (AC:L) and lack of authentication requirements (PR:N) increase realistic exploitation risk.

Information Disclosure Microsoft 365 Copilot S Business Chat
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH NO ACTION HOSTED Exploit Unlikely Monitor

Injection vulnerability in Microsoft 365 Copilot's Business Chat enables remote unauthenticated attackers to extract sensitive information through specially crafted inputs. Microsoft has released a patch addressing this CWE-74 injection flaw. With CVSS 7.5 (High), network-accessible attack vector, and no authentication required, this represents a significant exposure for organizations using Copilot Business Chat, though no active exploitation is confirmed at time of analysis.

Information Disclosure Microsoft 365 Copilot S Business Chat
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy