CVE-2026-26129 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Affected Products (NVD)

Vendor	Product	Version
microsoft	365_copilot_chat	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-138 - Improper Neutralization of Special Elements
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.

Vulnerability Media Exposure

[GERMAN] Microsoft 365 Copilot Business Chat: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft 365 Copilot Business Chat ausnutzen, um Informationen offenzulegen.
Published: 2026-05-07T22:00:00+00:00

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26129