Filtered by vendor Microsoft Subscriptions
Filtered by product Copilot Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-42824 1 Microsoft 2 365 Copilot, Copilot 2026-07-08 6.5 Medium
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-66389 1 Microsoft 1 Copilot 2026-06-22 7.5 High
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.
CVE-2026-45497 1 Microsoft 2 365 Copilot, Copilot 2026-06-08 7.7 High
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
CVE-2026-26136 1 Microsoft 1 Copilot 2026-04-14 6.5 Medium
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.