🔴 Critical | Source: Microsoft Security Response Center
A command injection vulnerability in Microsoft Copilot allows an unauthenticated attacker to execute arbitrary code remotely over a network, without requiring any user interaction or elevated privileges. This is a serious flaw because Copilot is deeply integrated into Microsoft 365 and Azure services, meaning exploitation could give an attacker a foothold across a broad range of enterprise environments. Organisations using Microsoft Copilot should treat this as a priority remediation.
Security Architect’s Take: Review your Microsoft Copilot deployment immediately and apply any available patches or mitigations from Microsoft; in the interim, consider restricting network-level access to Copilot endpoints and monitoring for anomalous outbound connections or unexpected code execution activity originating from Copilot-integrated services.
Original advisory: CVE-2026-48561 Microsoft Copilot Remote Code Execution Vulnerability