Dismissed
(exclusively hosted service)
Permalink
CVE-2026-24299
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
References
- M365 Copilot Information Disclosure Vulnerability vendor-advisory patch
Affected products
Microsoft 365 Copilot
- ==-