Microsoft Copilot Studio

Recent Microsoft Copilot Studio Security Advisories

| Advisory | Title | Published |
|---|---|---|
| CVE-2026-21520 | Copilot Studio Information Disclosure Vulnerability | January 22, 2026 |
| CVE-2024-49038 | Microsoft Copilot Studio Elevation Of Privilege Vulnerability | November 26, 2024 |
| CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability | August 6, 2024 |

By the Year

In 2026 there has been 1 vulnerability in Microsoft Copilot Studio, with an average score of 7.5 out of ten. Copilot Studio did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2026 as compared to last year.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.50 |
| 2025 | 0 | 0.00 |
| 2024 | 3 | 7.87 |

It may take a day or so for new Copilot Studio vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Copilot Studio Security Vulnerabilities

Jan 2026: Copilot Studio Information Disclosure Vulnerability
CVE-2026-21520 7.5 - High - January 22, 2026

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector.

Command Injection

Cross-Site Scripting (XSS) Vulnerability in Copilot Studio
CVE-2024-49038 9.6 - Critical - November 26, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.

XSS

CVE-2024-43610: Copilot Studio Info Disclosure via Network
CVE-2024-43610 7.5 - High - October 09, 2024

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector.

Information Disclosure

Microsoft Copilot Studio SSRF Bypass by Authenticated Attack
CVE-2024-38206 6.5 - Medium - August 06, 2024

An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.

SSRF
