365 copilot chat (microsoft) — Vulnerabilities

Vendors · microsoft · 365 copilot chat

365 copilot chat

· 3 Criticalmicrosoft · 7 known vulnerabilities

Total

Critical

High

Medium

CISA KEV

CVE-2026-26164HIGH 7.5

May 7, 2026

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26129HIGH 7.5

May 7, 2026

Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-26137CRITICAL 9.9

Mar 19, 2026

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.

CVE-2025-59286CRITICAL 9.3

Oct 9, 2025

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2025-59272CRITICAL 9.3

Oct 9, 2025

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally.

CVE-2025-53787HIGH 8.2

Aug 7, 2025

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

CVE-2025-53774MEDIUM 6.5

Aug 7, 2025

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

All microsoft products All Vendors CVE Database KEV Catalog