High nvd · CVE-2026-26164

CVE-2026-26164: Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allow

Published May 7, 2026 CVSS 7.5

Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Affected AI Products

copilot

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.