Vulnerability Details CVE-2026-26133
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.8%
CVSS Severity
CVSS v3 Score 7.1
Products affected by CVE-2026-26133
-
cpe:2.3:a:microsoft:365_copilot:*
-
cpe:2.3:a:microsoft:edge:-
-
cpe:2.3:a:microsoft:edge:108.0.1462.42
-
cpe:2.3:a:microsoft:edge:112.0.1722.34
-
cpe:2.3:a:microsoft:edge:114.0.1823.82
-
cpe:2.3:a:microsoft:edge:118.0.2088.88
-
cpe:2.3:a:microsoft:edge:122.0.2365.63
-
cpe:2.3:a:microsoft:edge:139.0.3405.86
-
cpe:2.3:a:microsoft:edge:140.0.3485.71
-
cpe:2.3:a:microsoft:excel:*
-
cpe:2.3:a:microsoft:excel:-
-
cpe:2.3:a:microsoft:loop:*
-
cpe:2.3:a:microsoft:onenote:-
-
cpe:2.3:a:microsoft:onenote:16.0.16026.20158
-
cpe:2.3:a:microsoft:outlook:-
-
cpe:2.3:a:microsoft:outlook:3.12.0
-
cpe:2.3:a:microsoft:outlook:3.13.0
-
cpe:2.3:a:microsoft:outlook:3.14.0
-
cpe:2.3:a:microsoft:outlook:3.15.0
-
cpe:2.3:a:microsoft:outlook:3.16.0
-
cpe:2.3:a:microsoft:outlook:3.17.0
-
cpe:2.3:a:microsoft:outlook:3.17.1
-
cpe:2.3:a:microsoft:outlook:3.18.0
-
cpe:2.3:a:microsoft:outlook:3.20.0
-
cpe:2.3:a:microsoft:outlook:3.21.0
-
cpe:2.3:a:microsoft:outlook:3.22.0
-
cpe:2.3:a:microsoft:outlook:3.22.1
-
cpe:2.3:a:microsoft:outlook:3.23.0
-
cpe:2.3:a:microsoft:outlook:3.24.0
-
cpe:2.3:a:microsoft:outlook:3.24.1
-
cpe:2.3:a:microsoft:outlook:3.25.0
-
cpe:2.3:a:microsoft:outlook:3.26.0
-
cpe:2.3:a:microsoft:outlook:3.27.0
-
cpe:2.3:a:microsoft:outlook:3.27.1
-
cpe:2.3:a:microsoft:outlook:3.28.0
-
cpe:2.3:a:microsoft:outlook:3.29.0
-
cpe:2.3:a:microsoft:outlook:3.30.0
-
cpe:2.3:a:microsoft:outlook:3.31.0
-
cpe:2.3:a:microsoft:outlook:3.32.0
-
cpe:2.3:a:microsoft:outlook:3.33.0
-
cpe:2.3:a:microsoft:power_bi:*
-
cpe:2.3:a:microsoft:power_bi:-
-
cpe:2.3:a:microsoft:powerpoint:*
-
cpe:2.3:a:microsoft:powerpoint:-
-
cpe:2.3:a:microsoft:teams:-
-
cpe:2.3:a:microsoft:teams:1.0.0.2023070204
-
cpe:2.3:a:microsoft:teams:1.0.0.2024022302
-
cpe:2.3:a:microsoft:teams:5.12.1
-
cpe:2.3:a:microsoft:word:*
-
cpe:2.3:a:microsoft:word:-
-
cpe:2.3:a:microsoft:word:16.0.10228.20049
-
cpe:2.3:a:microsoft:word:16.0.10325.20043
-
cpe:2.3:a:microsoft:word:16.0.10730.20043
-
cpe:2.3:a:microsoft:word:16.0.10827.20078
-
cpe:2.3:a:microsoft:word:16.0.11001.20049
-
cpe:2.3:a:microsoft:word:16.0.11001.20074
-
cpe:2.3:a:microsoft:word:16.0.11029.20056
-
cpe:2.3:a:microsoft:word:16.0.11126.20063
-
cpe:2.3:a:microsoft:word:16.0.11231.20088
-
cpe:2.3:a:microsoft:word:16.0.11328.20080
-
cpe:2.3:a:microsoft:word:16.0.11425.20132
-
cpe:2.3:a:microsoft:word:16.0.11601.20074
-
cpe:2.3:a:microsoft:word:16.0.11629.20124
-
cpe:2.3:a:microsoft:word:16.0.11727.20104
-
cpe:2.3:a:microsoft:word:16.0.11901.20110
-
cpe:2.3:a:microsoft:word:16.0.11929.20198
-
cpe:2.3:a:microsoft:word:16.0.12026.20174
-
cpe:2.3:a:microsoft:word:16.0.12130.20208
-
cpe:2.3:a:microsoft:word:16.0.12228.20260
-
cpe:2.3:a:microsoft:word:16.0.12325.20174
-
cpe:2.3:a:microsoft:word:16.0.12430.20120
-
cpe:2.3:a:microsoft:word:16.0.12527.20090
-
cpe:2.3:a:microsoft:word:16.0.12624.20254
-
cpe:2.3:a:microsoft:word:16.0.12730.20182
-
cpe:2.3:a:microsoft:word:16.0.12730.20214
-
cpe:2.3:a:microsoft:word:16.0.12827.20140
-
cpe:2.3:a:microsoft:word:16.0.8730.2050
-
cpe:2.3:a:microsoft:word:16.0.8827.2054
-
cpe:2.3:a:microsoft:word:16.0.9001.2077
-
cpe:2.3:a:microsoft:word:16.0.9029.2068
-
cpe:2.3:a:microsoft:word:16.0.9126.2069
-
cpe:2.3:a:microsoft:word:16.0.9226.2077
-
cpe:2.3:a:microsoft:word:16.0.9330.2060
-
cpe:2.3:a:microsoft:word:16.0.9330.2080