CVE Catalog

CVE-2026-41090

Critical
Published: Translated: NVD NIST

Summary

Microsoft Copilot has improper neutralization of special elements used in commands, leading to command injection vulnerability. This allows an unauthorized attacker to perform tampering over a network.

Risk Assessment

An attacker could exploit this vulnerability to carry out unauthorized actions on the network, potentially leading to serious security breaches.

Recommendation

It is recommended to update Microsoft Copilot to the latest version and implement appropriate security measures to minimize the risk of attacks.

Original NVD description (English source)

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS