Command Injection Vulnerability in Microsoft Copilot
CVE-2026-48561

9.6CRITICAL

What is CVE-2026-48561?

A command injection vulnerability in Microsoft Copilot enables unauthorized attackers to execute arbitrary code over the network due to improper handling of special elements. This flaw can compromise system security, allowing malicious actors to manipulate and control the affected environment. It is critical for users and administrators to be aware of this vulnerability and take necessary precautions to mitigate potential risks.

Affected Version(s)

Microsoft 365 Copilot for Android 1.0

Microsoft 365 Copilot for iOS 1.0

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.