🔴 Critical  |  Source: Microsoft Security Response Center


A command injection vulnerability in Microsoft Copilot allows an unauthenticated attacker to execute arbitrary code remotely over a network, without requiring any user interaction or elevated privileges. This is a serious flaw because Copilot is deeply integrated into Microsoft 365 and Azure services, meaning exploitation could give an attacker a foothold across a broad range of enterprise environments. Organisations using Microsoft Copilot should treat this as a priority remediation.

Security Architect’s Take: Review your Microsoft Copilot deployment immediately and apply any available patches or mitigations from Microsoft; in the interim, consider restricting network-level access to Copilot endpoints and monitoring for anomalous outbound connections or unexpected code execution activity originating from Copilot-integrated services.

Original advisory: CVE-2026-48561 Microsoft Copilot Remote Code Execution Vulnerability