CVE Catalog

CVE-2026-42895

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

A vulnerability in Microsoft Copilot allows an unauthorized attacker to perform command injection over a network. The issue stems from improper neutralization of special elements used in a command.

Risk Assessment

An attacker can tamper with Copilot's operation, potentially leading to unauthorized changes in the system or access to sensitive data.

Recommendation

Apply the security update provided by Microsoft for the Copilot component immediately.

Original NVD description (English source)

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS