Two vulnerabilities in Microsoft Copilot have been disclosed: an injection vulnerability in Copilot Chat for Microsoft Edge (CVE-2026-47644, CVSS 6.5) and a command injection vulnerability in Microsoft Copilot (CVE-2026-45497, CVSS 7.7). Both allow an authorised attacker to execute code or disclose information over a network.
What Are the Vulnerabilities?
CVE-2026-47644 — Copilot Chat Injection (CVSS 6.5, CWE-74): Copilot Chat for Microsoft Edge improperly neutralises special elements in output that is consumed by a downstream component. An authorised attacker can exploit this injection vulnerability to disclose information. Because Copilot Chat in Edge integrates AI-assisted capabilities directly into the browser, an injection flaw at this layer could expose browsing context, page content, or user data processed by Copilot.
CVE-2026-45497 — Copilot Command Injection (CVSS 7.7, CWE-77): Microsoft Copilot improperly neutralises special elements used in a command. An authorised attacker can exploit this to execute code over a network. This directly affects the core Copilot service integrated across Microsoft 365 applications.
Together, these vulnerabilities represent a pattern of injection flaws in Microsoft’s rapidly deployed AI integration layer. Both were published June 4, 2026.
Which Versions Are Affected?
- CVE-2026-47644: Copilot Chat in Microsoft Edge
- CVE-2026-45497: Microsoft Copilot (Microsoft 365 integration)
What Is the Fix?
Microsoft has applied fixes to both services. Advisories:
- MSRC CVE-2026-47644
- MSRC CVE-2026-45497
Recommendations
- Ensure Microsoft 365 applications and Microsoft Edge browsers are on the latest version; the cloud-side fixes have already been applied by Microsoft.
- Audit Copilot usage and access permissions in your Microsoft 365 tenant.
References
This advisory is covered in the broader Vulnerability Intelligence Report — June 5, 2026.
