Vulnerability Details CVE-2026-42893
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.1%
CVSS Severity
CVSS v3 Score 7.4
Products affected by CVE-2026-42893
-
cpe:2.3:a:microsoft:outlook:-
-
cpe:2.3:a:microsoft:outlook:3.12.0
-
cpe:2.3:a:microsoft:outlook:3.13.0
-
cpe:2.3:a:microsoft:outlook:3.14.0
-
cpe:2.3:a:microsoft:outlook:3.15.0
-
cpe:2.3:a:microsoft:outlook:3.16.0
-
cpe:2.3:a:microsoft:outlook:3.17.0
-
cpe:2.3:a:microsoft:outlook:3.17.1
-
cpe:2.3:a:microsoft:outlook:3.18.0
-
cpe:2.3:a:microsoft:outlook:3.20.0
-
cpe:2.3:a:microsoft:outlook:3.21.0
-
cpe:2.3:a:microsoft:outlook:3.22.0
-
cpe:2.3:a:microsoft:outlook:3.22.1
-
cpe:2.3:a:microsoft:outlook:3.23.0
-
cpe:2.3:a:microsoft:outlook:3.24.0
-
cpe:2.3:a:microsoft:outlook:3.24.1
-
cpe:2.3:a:microsoft:outlook:3.25.0
-
cpe:2.3:a:microsoft:outlook:3.26.0
-
cpe:2.3:a:microsoft:outlook:3.27.0
-
cpe:2.3:a:microsoft:outlook:3.27.1
-
cpe:2.3:a:microsoft:outlook:3.28.0
-
cpe:2.3:a:microsoft:outlook:3.29.0
-
cpe:2.3:a:microsoft:outlook:3.30.0
-
cpe:2.3:a:microsoft:outlook:3.31.0
-
cpe:2.3:a:microsoft:outlook:3.32.0
-
cpe:2.3:a:microsoft:outlook:3.33.0