M365 Copilot Injection Vulnerability CVE-2026-26164 Allows Info Disclosure
The National Vulnerability Database has detailed CVE-2026-26164, a high-severity injection vulnerability in M365 Copilot. This flaw, rated 7.5 CVSS (High), stems from improper neutralization of special elements in output used by a downstream component. An unauthenticated attacker can exploit this over a network to disclose sensitive information.
This isn’t a speculative bug; it’s a critical logic flaw. Attackers can manipulate input to force Copilot into leaking data, leveraging its internal processing. The ‘injection’ classification, specifically CWE-74, points to a clear pathway for adversaries to subvert intended functionality and extract intelligence.
While specific affected products aren’t detailed beyond M365 Copilot, the implication is clear: any organization leveraging Copilot for content generation or data processing is exposed. This isn’t about denial of service; it’s about unauthorized access to potentially confidential information within the Microsoft 365 ecosystem. Defenders need to recognize the strategic risk of AI components acting as data exfiltration vectors if not properly secured.
What This Means For You
- If your organization uses M365 Copilot, this vulnerability means your sensitive data could be exposed. Keep a close watch for patches or configuration guidance from Microsoft regarding CVE-2026-26164 and ensure your network monitoring can detect unusual data egress from Copilot-related services. This is a direct data leak risk.
🛡️ Detection Rules
2 detection rules were auto-generated for this incident and mapped to MITRE ATT&CK; the Sigma YAML is shown below.
CVE-2026-26164 M365 Copilot Injection - Potential Information Disclosure
```yaml
title: CVE-2026-26164 M365 Copilot Injection - Potential Information Disclosure
id: scw-2026-05-07-ai-1
status: experimental
level: high
description: |
  This rule detects potential exploitation attempts against CVE-2026-26164 in M365 Copilot.
  It looks for specific URI paths and query parameters commonly associated with injection
  vulnerabilities targeting the Copilot service, which could lead to information disclosure.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-26164/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    # Both values below are placeholders from the generated rule, not vendor-confirmed
    # paths or parameters; replace them once Microsoft publishes exploitation details.
    cs-uri|contains:
      - '/copilot/api/query'
    cs-uri-query|contains:
      - 'injection_payload_example'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
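To show what the rule's selection actually does on log fields, here is an added Python example (not code from the page or from Shimi's Cyber World) that implements the rule's two `contains` conditions as a minimal Sigma-style matcher over constructed W3C-style web-server lines; the field layout, the IP addresses and the query strings are assumptions, and the payload marker is the rule's own placeholder.

```python
from typing import Dict, List

# Sigma selection copied from the rule above. Both values are placeholders
# from the generated rule (assumption): swap in vendor-confirmed paths and
# parameters once Microsoft publishes them.
SELECTION = {
    "cs-uri|contains": ["/copilot/api/query"],
    "cs-uri-query|contains": ["injection_payload_example"],
}

# Constructed W3C extended-log field layout understood by this mini-matcher.
FIELDS = ["date", "time", "c-ip", "cs-method", "cs-uri", "cs-uri-query", "sc-status"]


def parse_w3c_line(line: str) -> Dict[str, str]:
    """Split one space-separated W3C log line into the FIELDS above."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected field count: {len(parts)}")
    return dict(zip(FIELDS, parts))


def selection_matches(event: Dict[str, str], selection: Dict[str, List[str]]) -> bool:
    """Sigma map semantics: every key must match (AND); the value list of one
    key is OR-ed; '|contains' is a case-insensitive substring test."""
    for key, needles in selection.items():
        field, _, modifier = key.partition("|")
        value = event.get(field, "")
        if modifier == "contains":
            hit = any(n.lower() in value.lower() for n in needles)
        else:
            hit = value in needles
        if not hit:
            return False
    return True


def matching_lines(log_lines: List[str]) -> List[str]:
    """Return the log lines on which the rule would alert."""
    return [ln for ln in log_lines if selection_matches(parse_w3c_line(ln), SELECTION)]


# Constructed sample log: a benign Copilot query, a line hitting both
# conditions (different letter case), and the marker on an unrelated path.
SAMPLE_LOG = [
    "2026-05-08 01:20:11 10.0.0.5 GET /copilot/api/query q=weekly+report 200",
    "2026-05-08 01:21:03 203.0.113.7 GET /copilot/api/query q=INJECTION_PAYLOAD_EXAMPLE 200",
    "2026-05-08 01:22:44 203.0.113.7 GET /api/other q=injection_payload_example 404",
]
```

Only the second sample line fires: the benign query shares the path but not the marker, and the third line carries the marker on a path the rule does not cover, which is why the placeholder values matter for both false positives and misses.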
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-26164 | Information Disclosure | M365 Copilot |
| CVE-2026-26164 | Code Injection | Improper neutralization of special elements in output used by a downstream component |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 08, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.