CVE Catalog

CVE-2026-45497

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Summary

Microsoft Copilot has improper neutralization of special elements used in commands, leading to command injection vulnerability. This allows an authorized attacker to execute code over a network.

Risk Assessment

An attacker with appropriate permissions can exploit this vulnerability to remotely execute unauthorized code, potentially leading to serious security breaches.

Recommendation

It is recommended to update Microsoft Copilot to the latest version and implement additional security measures to mitigate the risk of command injection.

Original NVD description (English source)

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS