Open Redirect Vulnerability in Microsoft 365 Copilot
CVE-2026-41106

9.3CRITICAL

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
2 July 2026

What is CVE-2026-41106?

An open redirect vulnerability in Microsoft 365 Copilot enables an unauthorized attacker to redirect users to untrusted sites. This security issue could potentially allow the attacker to elevate privileges over a network, posing a significant risk to users and organizations. It's crucial to address this vulnerability promptly to maintain the integrity and security of the Microsoft 365 Copilot environment.

Affected Version(s)

Microsoft 365 Copilot -

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.