CVE Catalog
CVE-2026-42895
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.40%
32th percentile — higher than 32% of all known CVEs
Summary
A vulnerability in Microsoft Copilot allows an unauthorized attacker to perform command injection over a network. The issue stems from improper neutralization of special elements used in a command.
Risk Assessment
An attacker can tamper with Copilot's operation, potentially leading to unauthorized changes in the system or access to sensitive data.
Recommendation
Apply the security update provided by Microsoft for the Copilot component immediately.
Original NVD description (English source)
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

