7.4
CVE-2026-21521
- EPSS 0.07%
- Veröffentlicht 22.01.2026 22:47:38
- Zuletzt bearbeitet 02.02.2026 13:30:53
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Word Copilot Information Disclosure Vulnerability
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ 365 Word Copilot Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.224 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
|
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.