Critical Microsoft 365 Copilot Vulnerabilities Expose Sensitive Data
Key Takeaways Microsoft has patched three critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. The flaws, identified as CVE-2026-26129,...
Key Takeaways
- Microsoft has patched three critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge.
- The flaws, identified as CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111, could lead to the exposure of sensitive data.
- All vulnerabilities have been fully mitigated by Microsoft as of May 7, 2026, requiring no action from end users or administrators.
- The issues highlight the unique security challenges posed by AI-powered productivity tools with broad access to enterprise data.
Microsoft has successfully addressed three critical information disclosure vulnerabilities found within its Microsoft 365 Copilot and the Copilot Chat feature integrated into Microsoft Edge. These significant security flaws, which could have exposed sensitive data, were fully remediated on May 7, 2026, with no required actions from users or IT administrators.
Table Of Content
The company’s Security Response Center (MSRC) released advisories for these vulnerabilities—CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111—as part of its commitment to transparent disclosure regarding cloud service security issues.
Each of the identified vulnerabilities carries a critical severity rating and is categorized as an information disclosure type of impact, underscoring the potential for unauthorized access to confidential information.
Microsoft confirmed that all three vulnerabilities have been fully mitigated on its cloud services, aligning with its “Toward Greater Transparency: Unveiling Cloud Service CVEs” initiative, which aims to provide clearer insights into security issues affecting its cloud offerings.
Technical Analysis of Copilot Vulnerabilities
CVE-2026-26129: Microsoft 365 Copilot Business Chat
The vulnerability CVE-2026-26129 impacts the Business Chat component of Microsoft 365 Copilot. This flaw arises from insufficient neutralization of special characters or elements within the output processed by subsequent system components. An attacker could potentially exploit this weakness over a network to reveal sensitive information.
While a full CVSS score was not publicly released for this specific CVE, its critical severity designation reflects the substantial risk to data confidentiality, especially given Copilot’s extensive access to enterprise data.
CVE-2026-26164: Microsoft 365 Copilot Injection Flaw
CVE-2026-26164 also targets Microsoft 365 Copilot and is classified under CWE-74, denoting an “Improper Neutralization of Special Elements in Output Used by a Downstream Component – Injection.”
This vulnerability features a network-based attack vector, requires no specific user privileges or interaction, and poses a high risk to confidentiality. Microsoft’s assessment indicates that exploitation is “Less Likely,” and the maturity of exploit code remains unproven.
CVE-2026-33111: Copilot Chat in Microsoft Edge Command Injection
CVE-2026-33111 affects the Copilot Chat feature embedded within Microsoft Edge. It falls under CWE-77, or “Improper Neutralization of Special Elements Used in a Command – Command Injection.”
This vulnerability shares a CVSS score of 7.5 (base) / 6.5 (temporal) with CVE-2026-26164, exhibiting an identical attack profile: network-accessible, no privileges required, no user interaction, and a high impact on confidentiality. The presence of such a flaw in Microsoft Edge is particularly noteworthy given its widespread use in corporate environments.
These three vulnerabilities collectively underscore the unique and evolving attack surface presented by AI-powered productivity tools. Microsoft 365 Copilot, by design, aggregates and processes vast quantities of organizational data—ranging from emails and documents to Teams conversations. Consequently, any weaknesses in how it handles special elements or injected commands could inadvertently lead to the leakage of sensitive information across trust boundaries.
In scenarios where Copilot possesses broad access to an organization’s data sources, the potential ramifications could include the exposure of proprietary intellectual property, confidential communications, or restricted internal records.
Microsoft acknowledged Estevam Arantes of Microsoft for the discovery of CVE-2026-26129 and CVE-2026-26164. Independent researcher 0xSombra also received credit for their contribution to identifying CVE-2026-26164. No specific acknowledgment was listed for CVE-2026-33111. Microsoft confirmed that none of these vulnerabilities were publicly disclosed or actively exploited prior to the publication of the advisories.
Since all three vulnerabilities are cloud-side issues, Microsoft has already implemented the necessary mitigations at the service layer. This means enterprises are not required to install patches or modify existing configurations.
What You Should Do
- While direct action is not required for these specific vulnerabilities, security teams should proactively review Copilot’s data access permissions within their environments.
- Enforce the principle of least privilege for Copilot and other AI tools to minimize the potential impact of any future security flaws.
- Stay informed about Microsoft’s security advisories and best practices for securing AI-powered services.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.