Critical nvd · CVE-2026-33102

CVE-2026-33102: Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privilege

Published Apr 23, 2026 CVSS 9.3

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

copilot

Get the weekly digest. Every Monday: top AI security stories of the week. Free.