CVE Catalog
CVE-2026-47645
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0.41%
33th percentile — higher than 33% of all known CVEs
Summary
A vulnerability in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to redirect users to an untrusted external site (open redirect), potentially leading to privilege escalation over a network.
Risk Assessment
An attacker could exploit this redirect to steal credentials or conduct a phishing attack, posing a security risk to the organization.
Recommendation
Apply security updates provided by Microsoft for Microsoft 365 Copilot immediately and monitor the environment for unusual redirects.
Original NVD description (English source)
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.

