CVE Catalog

CVE-2026-54130

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.58%

43th percentile — higher than 43% of all known CVEs

Summary

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Risk Assessment

The organization may be exposed to data leaks, which could lead to serious legal and reputational consequences.

Recommendation

It is recommended to implement appropriate authentication mechanisms for critical functions in M365 Copilot.

Original NVD description (English source)

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS