Every CVE whose affected-product data names Microsoft Copilot, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-45497 — CVSS 7.7 (high): Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to…
CVE-2026-26136 — CVSS 6.5 (medium): Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to…
CVE-2026-42824 — CVSS 6.5 (medium): Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.