CVE-2026-41106: Microsoft 365 Copilot Allows Untrusted Site Access
Summary
An attacker can redirect users to a malicious site, potentially gaining unauthorized access to your network. This vulnerability affects Microsoft 365 Copilot, a tool used for AI-powered assistance. To protect your organization, update Microsoft 365 Copilot to the latest version as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| microsoft | microsoft 365 copilot | - |
Original title
Microsoft 365 Copilot Elevation of Privilege Vulnerability
Original description
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
mitre CVSS3.1
9.3
Vulnerability type
CWE-601
Open Redirect
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41106 (vendor-advisory, patch)
Published: 2 Jul 2026 · Updated: 5 Jul 2026 · First seen: 2 Jul 2026