High nvd · CVE-2026-42893

CVE-2026-42893: Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthoriz

Published May 12, 2026 CVSS 7.4

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

Remote Code Execution

Affected AI Products

copilot

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.