Microsoft 365 Copilot Business Chat
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft 365 Copilot Business Chat.
By the Year
In 2026 there have been 3 vulnerabilities in Microsoft 365 Copilot Business Chat with an average score of 8.3 out of ten. Last year, in 2025 365 Copilot Business Chat had 4 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in 365 Copilot Business Chat in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.03
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 8.30 |
| 2025 | 4 | 8.33 |
It may take a day or so for new 365 Copilot Business Chat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft 365 Copilot Business Chat Security Vulnerabilities
May 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-26129
7.5 - High
- May 07, 2026
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Improper Neutralization of Special Elements
May 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-26164
7.5 - High
- May 07, 2026
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Injection
Mar 2026: Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2026-26137
9.9 - Critical
- March 19, 2026
Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.
SSRF
Oct 2025: Copilot Information Disclosure Vulnerability
CVE-2025-59286
9.3 - Critical
- October 09, 2025
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network.
Command Injection
Oct 2025: Copilot Information Disclosure Vulnerability
CVE-2025-59272
9.3 - Critical
- October 09, 2025
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally.
Command Injection
Aug 2025: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-53774
6.5 - Medium
- August 07, 2025
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Command Injection
Aug 2025: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-53787
8.2 - High
- August 07, 2025
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft 365 Copilot Business Chat or by Microsoft? Click the Watch button to subscribe.
