8.8
CVE-2026-47645
- EPSS 0.41%
- Veröffentlicht 19.06.2026 20:29:42
- Zuletzt bearbeitet 26.06.2026 21:42:08
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ 365 Copilot Version-
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.326 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| secure@microsoft.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47645