Microsoft 365 Copilot
Recent Microsoft 365 Copilot Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-24307 | CVE-2026-24307 M365 Copilot Information Disclosure Vulnerability | January 22, 2026 |
| CVE-2025-59252 | CVE-2025-59252 M365 Copilot Spoofing Vulnerability | October 10, 2025 |
| CVE-2025-53787 | CVE-2025-53787 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | August 7, 2025 |
| CVE-2025-53774 | CVE-2025-53774 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | August 7, 2025 |
| CVE-2025-32711 | CVE-2025-32711 M365 Copilot Information Disclosure Vulnerability | June 11, 2025 |
By the Year
In 2026 there has been 1 vulnerability in Microsoft 365 Copilot, with an average score of 9.3 out of ten. Last year, in 2025, 365 Copilot had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in 365 Copilot in 2026 could surpass last year's number. Interestingly, the average vulnerability score and the number of vulnerabilities for 2026 and last year were the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 9.30 |
| 2025 | 1 | 9.30 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.60 |
It may take a day or so for new 365 Copilot vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft 365 Copilot Security Vulnerabilities
Jan 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-24307
9.3 - Critical
- January 22, 2026
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Improper Validation of Specified Type of Input
Jun 2025: M365 Copilot Information Disclosure Vulnerability
CVE-2025-32711
9.3 - Critical
- June 11, 2025
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Command Injection
Microsoft Office app Remote Code Execution Vulnerability
CVE-2021-43905
9.6 - Critical
- December 15, 2021
Microsoft Office app Remote Code Execution Vulnerability