CVE Catalog
CVE-2026-41106
Critical
CVSS 9.3
Summary
A URL redirection to untrusted site (open redirect) vulnerability in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
Risk Assessment
An attacker can exploit this for phishing or data theft by impersonating a trusted domain and intercepting user sessions.
Recommendation
Apply the security update from Microsoft for M365 Copilot and implement URL validation mechanisms in applications using redirects.
Original NVD description (English source)
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

