Microsoft 365 Word Copilot — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft 365 Word Copilot, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-59252 — CVSS 9.3 (critical): Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose…
CVE-2026-21521 — CVSS 7.4 (high): Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a…