CVE Catalog

CVE-2026-47644

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

In Copilot Chat (Microsoft Edge), improper neutralization of special elements in output can lead to injection vulnerabilities. This allows an unauthorized attacker to disclose information over a network.

Risk Assessment

The organization may be exposed to the risk of confidential data leakage, which can lead to serious legal and reputational consequences.

Recommendation

It is recommended to update the software to the latest version and implement additional security mechanisms to prevent injections.

Original NVD description (English source)

Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS