CVE-2026-42895
- EPSS 0.4%
- Veröffentlicht 19.06.2026 20:27:46
- Zuletzt bearbeitet 26.06.2026 21:40:08
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47644
- EPSS 0.73%
- Veröffentlicht 04.06.2026 22:00:52
- Zuletzt bearbeitet 08.06.2026 13:57:25
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-42824
- EPSS 7.64%
- Veröffentlicht 04.06.2026 22:00:49
- Zuletzt bearbeitet 09.07.2026 00:17:06
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-45497
- EPSS 0.45%
- Veröffentlicht 04.06.2026 22:00:49
- Zuletzt bearbeitet 08.06.2026 13:55:28
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
CVE-2026-33111
- EPSS 1.14%
- Veröffentlicht 07.05.2026 20:58:48
- Zuletzt bearbeitet 14.05.2026 14:31:11
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-26136
- EPSS 0.65%
- Veröffentlicht 19.03.2026 21:17:07
- Zuletzt bearbeitet 01.04.2026 12:23:09
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.