Critical Microsoft 365 Copilot Flaws Ex Vulnerabilities Expose

Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities impacting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. These flaws, addressed on May 7, 2026, require no action from end users or administrators.

Microsoft’s Security Response Center published advisories for CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 as part of its ongoing commitment to transparency in its cloud services.

All three vulnerabilities carry a Critical severity rating and fall under the Information Disclosure impact category.

Microsoft has already fully mitigated all three flaws on its end, consistent with its cloud CVE transparency initiative outlined in the “Toward Greater Transparency: Unveiling Cloud Service CVEs” program.

Microsoft 365 Copilot Vulnerabilities

CVE-2026-26129 affects Microsoft 365 Copilot’s Business Chat. The vulnerability stems from improper neutralization of special elements in output used by a downstream component, potentially allowing an unauthorized attacker to disclose sensitive information over a network.

Although full CVSS metrics were not published for this CVE, the critical severity label reflects the high confidentiality risk inherent in Copilot’s enterprise data access model.

CVE-2026-26164 also targets M365 Copilot and is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component — Injection).

The attack vector is network-based, requires no privileges or user interaction, and has a high confidentiality impact. The exploitability assessment is rated “Exploitation Less Likely,” and exploit code maturity is listed as unproven.

CVE-2026-33111 affects Copilot Chat embedded in Microsoft Edge and is classified under CWE-77 (Improper Neutralization of Special Elements Used in a Command — Command Injection).

It shares the same CVSS score of 7.5 / 6.5 (temporal) as CVE-2026-26164, with an identical attack profile: network-accessible, no privileges required, no user interaction, and high confidentiality impact.

This is particularly concerning given the widespread deployment of Edge across enterprise environments.

All three vulnerabilities highlight a growing attack surface unique to AI-powered productivity tools.

Because M365 Copilot aggregates and processes vast amounts of organizational data, including emails, documents, and Teams conversations, weaknesses in how it handles special elements or injected commands can allow sensitive information to leak across trust boundaries.

In environments where Copilot has broad access to corporate data sources, the impact could include exposure of intellectual property, confidential communications, or restricted internal records.

Microsoft credited Estevam Arantes of Microsoft for discovering both CVE-2026-26129 and CVE-2026-26164, with additional credit to independent researcher 0xSombra for CVE-2026-26164.

No acknowledgment was listed for CVE-2026-33111. Microsoft confirmed that none of the three vulnerabilities were publicly disclosed or actively exploited prior to publication.

Since all three are cloud-side vulnerabilities, Microsoft has already deployed mitigations at the service layer. Enterprises do not need to install patches or apply configuration changes.

However, security teams are advised to review Copilot’s data access permissions and enforce least-privilege principles to reduce exposure from any future similar flaws.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.