Command Injection Vulnerability in Microsoft Copilot by Microsoft
CVE-2026-45497

7.7 HIGH

Key Information:

Vendor: Microsoft
CVE Published: 4 June 2026

What is CVE-2026-45497?

A command injection flaw in Microsoft 365 Copilot enables an authorized attacker to manipulate command execution parameters. This vulnerability can be exploited to execute arbitrary code remotely, jeopardizing system security and integrity. Users of Microsoft 365 Copilot should be aware of this vulnerability and take appropriate measures to safeguard their data and computing environment.

Affected Version(s)

Microsoft 365 Copilot -

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
