Microsoft 365 Copilot Business Chat
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft 365 Copilot Business Chat.
By the Year
In 2026 there have been 1 vulnerability in Microsoft 365 Copilot Business Chat with an average score of 9.9 out of ten. Last year, in 2025 365 Copilot Business Chat had 4 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.58.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 9.90 |
| 2025 | 4 | 8.33 |
It may take a day or so for new 365 Copilot Business Chat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft 365 Copilot Business Chat Security Vulnerabilities
Mar 2026: Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability
CVE-2026-26137
9.9 - Critical
- March 19, 2026
Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.
SSRF
Oct 2025: Copilot Information Disclosure Vulnerability
CVE-2025-59286
9.3 - Critical
- October 09, 2025
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.
Command Injection
Oct 2025: Copilot Information Disclosure Vulnerability
CVE-2025-59272
9.3 - Critical
- October 09, 2025
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally.
Command Injection
Aug 2025: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-53774
6.5 - Medium
- August 07, 2025
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Command Injection
Aug 2025: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-53787
8.2 - High
- August 07, 2025
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft 365 Copilot Business Chat or by Microsoft? Click the Watch button to subscribe.
