CVE-2026-47645: M365 Copilot Privilege Escalation

🟠 High | Source: Microsoft Security Response Center

A vulnerability in Microsoft 365 Copilot’s Business Chat allows attackers to exploit an open redirect flaw, redirecting users to malicious sites without authentication. This can be leveraged to elevate privileges over a network, potentially enabling account takeover or credential theft. The risk is heightened given the widespread enterprise adoption of Microsoft 365 Copilot.

Security Architect’s Take: Review and restrict access to Microsoft 365 Copilot’s Business Chat where not business-critical, and ensure conditional access policies and phishing-resistant MFA are enforced. Monitor Microsoft’s update guidance and apply any available patches or mitigations promptly, particularly in environments where Copilot has broad data access. ...

18 June 2025 · ZX Cloud Security
