Elevation of Privileges in Microsoft 365 Copilot for iOS
CVE-2026-58617

8.1HIGH

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
14 July 2026

What is CVE-2026-58617?

The vulnerability in Microsoft 365 Copilot for iOS stems from improper access control, allowing unauthorized attackers to gain elevated privileges over a network. This flaw can potentially lead to unauthorized access to sensitive functionalities and data, posing significant risks to users. To safeguard against this vulnerability, organizations should ensure timely updates and patches are applied.

Affected Version(s)

Microsoft 365 Copilot for iOS 1.0 < 2.111.4

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.