Command Injection Vulnerability in Microsoft Copilot
CVE-2026-48561
9.6CRITICAL
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-48561?
A command injection vulnerability in Microsoft Copilot enables unauthorized attackers to execute arbitrary code over the network due to improper handling of special elements. This flaw can compromise system security, allowing malicious actors to manipulate and control the affected environment. It is critical for users and administrators to be aware of this vulnerability and take necessary precautions to mitigate potential risks.
Affected Version(s)
Microsoft 365 Copilot for Android 1.0
Microsoft 365 Copilot for iOS 1.0