Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

365_copilot

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2026-24299
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.56%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilotMicrosoft 365 Copilot
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-26133
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.19%
||
7 Day CHG+0.01%
Published-13 Mar, 2026 | 21:10
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M365 Copilot Information Disclosure Vulnerability

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilotpower_biexcelloopteamswordpowerpointedgeoutlookonenoteMicrosoft Outlook for iOSMicrosoft Edge for iOSMicrosoft OneNoteMicrosoft 365 Copilot for AndroidMicrosoft Outlook for MacMicrosoft Word for AndroidMicrosoft OneNote for AndroidMicrosoft PowerBI for AndroidMicrosoft Teams for iOSMicrosoft 365 Copilot for iOSMicrosoft Outlook for AndroidMicrosoft PowerBI for iOSMicrosoft Excel for AndroidMicrosoft Loop for iOSMicrosoft PowerPoint for AndroidMicrosoft PowerPoint for iOSMicrosoft Edge for AndroidMicrosoft Teams for AndroidMicrosoft Excel for iOSMicrosoft Word for iOS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-24307
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.13% / 32.24%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 22:47
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M365 Copilot Information Disclosure Vulnerability

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilotMicrosoft 365 Copilot
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-32711
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-9.91% / 93.03%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 13:22
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M365 Copilot Information Disclosure Vulnerability

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilotMicrosoft 365 Copilot
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-43905
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.37% / 58.97%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-11 Jun, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office app Remote Code Execution Vulnerability

Microsoft Office app Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilotOffice app