CVE Catalog

CVE-2026-47645

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile — higher than 33% of all known CVEs

Summary

A vulnerability in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to redirect users to an untrusted external site (open redirect), potentially leading to privilege escalation over a network.

Risk Assessment

An attacker could exploit this redirect to steal credentials or conduct a phishing attack, posing a security risk to the organization.

Recommendation

Apply security updates provided by Microsoft for Microsoft 365 Copilot immediately and monitor the environment for unusual redirects.

Original NVD description (English source)

Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS