CVE-2026-26129
HIGHDescription
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microsoft | 365_copilot_chat |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-26129? +
How severe is CVE-2026-26129? +
What products are affected by CVE-2026-26129? +
How do I check if I'm vulnerable to CVE-2026-26129? +
Related Vulnerabilities
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on …
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to …
Windows Kernel Elevation of Privilege Vulnerability
A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL …
Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to …
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript …