Severity
High
Analysis Summary
Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge, officially published by the Microsoft Security Response Center on May 7, 2026. The vulnerabilities, tracked as CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111, were addressed entirely at Microsoft’s cloud service layer, meaning no action is required from end users or enterprise administrators. Their disclosure aligns with Microsoft’s ongoing cloud CVE transparency initiative, which aims to provide greater visibility into security issues affecting cloud-hosted services.
The first vulnerability, CVE-2026-26129, impacts Microsoft 365 Copilot’s Business Chat and stems from improper neutralization of special elements in output delivered to downstream components. This flaw could have allowed unauthorized attackers to disclose sensitive enterprise information over a network. While Microsoft did not publish full CVSS scoring details for this issue, its classification as Critical highlights the serious confidentiality risks associated with Copilot’s access to organizational data sources such as emails, files, and collaboration platforms.
The second and third flaws, CVE-2026-26164 and CVE-2026-33111, affect Microsoft 365 Copilot and Copilot Chat in Microsoft Edge, respectively. CVE-2026-26164 is categorized under CWE-74 (improper neutralization of special elements in output, i.e. injection), while CVE-2026-33111 falls under CWE-77 (command injection). Both vulnerabilities carry a High CVSS base severity and a Medium temporal severity, and share a concerning attack profile: network-accessible exploitation requiring no privileges and no user interaction, with high confidentiality impact. Despite these characteristics, Microsoft assessed exploitation as less likely and confirmed that no evidence of active exploitation or public disclosure existed before remediation.
These vulnerabilities underscore the expanding security risks associated with AI-powered enterprise productivity tools. Because Microsoft 365 Copilot can aggregate and process large volumes of sensitive corporate information, including internal communications, documents, Teams conversations, and intellectual property, any weakness in how the system handles injected commands or malformed output could create significant opportunities for data leakage across trust boundaries. Microsoft credited a security researcher for discovering CVE-2026-26129 and CVE-2026-26164, alongside an independent researcher for contributions to CVE-2026-26164. While all three issues have been fully mitigated, organizations are strongly advised to review Copilot data access permissions and enforce least-privilege access controls to minimize exposure to similar future threats.
Impact
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2026-26129
CVE-2026-26164
CVE-2026-33111
Remediation
- Microsoft has already fully patched and mitigated all three vulnerabilities at the cloud service level, so no manual patching is required from users or administrators.
- No end-user or enterprise action is needed to apply fixes, as updates were deployed directly by Microsoft across Microsoft 365 Copilot and Edge Copilot Chat services.
- Verify Copilot access controls in your organization and ensure only necessary users have access to Copilot features, especially those interacting with sensitive data sources.
- Enforce least-privilege permissions across Microsoft 365 services (Teams, Exchange, SharePoint, OneDrive) to reduce the potential impact of any future information disclosure issues.
- Regularly audit Copilot usage and data access logs to detect abnormal queries or unexpected data exposure patterns.
- Keep Microsoft Edge and Microsoft 365 applications updated to ensure alignment with the latest security configurations and backend mitigations.
- Enable Microsoft security baselines and Defender for Cloud Apps policies to monitor AI-driven data access and enforce conditional access where applicable.