Jan 2026: M365 Copilot Information Disclosure Vulnerability
CVE-2026-24307 Published on January 22, 2026
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Weakness Type
Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Products Associated with CVE-2026-24307
Affected Versions
Microsoft 365 Copilot Version - is affected by CVE-2026-24307
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.