Microsoft 365 Copilot
Recent Microsoft 365 Copilot Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-42824 | CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability | June 4, 2026 |
| CVE-2026-45497 | CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability | June 4, 2026 |
| CVE-2026-41100 | CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability | May 12, 2026 |
| CVE-2026-41614 | CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability | May 12, 2026 |
| CVE-2026-26164 | CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability | May 7, 2026 |
| CVE-2026-26129 | CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability | May 7, 2026 |
| CVE-2026-33102 | CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability | April 23, 2026 |
| CVE-2026-24299 | CVE-2026-24299 M365 Copilot Information Disclosure Vulnerability | March 19, 2026 |
| CVE-2026-26137 | CVE-2026-26137 Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability | March 19, 2026 |
| CVE-2026-26133 | CVE-2026-26133 M365 Copilot Information Disclosure Vulnerability | March 12, 2026 |
By the Year
In 2026 there have been 6 vulnerabilities in Microsoft 365 Copilot, with an average score of 7.4 out of ten. Last year, in 2025, 365 Copilot had 1 security vulnerability published. That is, 5 more vulnerabilities have already been reported in 2026 than last year. Last year, the average CVE base score was greater by 1.87.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 6 | 7.43 |
| 2025 | 1 | 9.30 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.60 |
It may take a day or so for new 365 Copilot vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft 365 Copilot Security Vulnerabilities
Jun 2026: Microsoft M365 Copilot Remote Code Execution Vulnerability
CVE-2026-45497
7.7 - High
- June 04, 2026
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
Command Injection
Jun 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-42824
6.5 - Medium
- June 04, 2026
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Command Injection
May 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-42827
6.5 - Medium
- May 22, 2026
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Command Injection
Apr 2026: Microsoft 365 Copilot Elevation of Privilege Vulnerability
CVE-2026-33102
9.3 - Critical
- April 23, 2026
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
Open Redirect
Mar 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-24299
5.3 - Medium
- March 19, 2026
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Command Injection
Jan 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-24307
9.3 - Critical
- January 22, 2026
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Improper Validation of Specified Type of Input
Jun 2025: M365 Copilot Information Disclosure Vulnerability
CVE-2025-32711
9.3 - Critical
- June 11, 2025
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Command Injection
Dec 2021: Microsoft Office app Remote Code Execution Vulnerability
CVE-2021-43905
9.6 - Critical
- December 15, 2021
Microsoft Office app Remote Code Execution Vulnerability