CVE Catalog
CVE-2026-54130
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.58%
43th percentile — higher than 43% of all known CVEs
Summary
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Risk Assessment
The organization may be exposed to data leaks, which could lead to serious legal and reputational consequences.
Recommendation
It is recommended to implement appropriate authentication mechanisms for critical functions in M365 Copilot.
Original NVD description (English source)
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.

