CVE-2026-41106: Microsoft 365 Copilot Allows Untrusted Site Access

Summary

An attacker can redirect users to a malicious site, potentially gaining unauthorized access to your network. This vulnerability affects Microsoft 365 Copilot, a tool used for AI-powered assistance. To protect your organization, update Microsoft 365 Copilot to the latest version as soon as possible.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor: microsoft · Product: microsoft 365 copilot · Affected versions: -
Original title
Microsoft 365 Copilot Elevation of Privilege Vulnerability
Original description
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVSS 3.1 score: 9.3 (source: mitre)
Vulnerability type
CWE-601 Open Redirect
Published: 2 Jul 2026 · Updated: 5 Jul 2026 · First seen: 2 Jul 2026