M365 Copilot Critical Open Redirect Allows Privilege Escalation

The National Vulnerability Database has disclosed CVE-2026-33102, a critical open redirect vulnerability in M365 Copilot. The flaw carries a CVSS score of 9.3 and allows an unauthorized attacker to elevate privileges over a network. The root cause is classified as CWE-601, URL redirection to an untrusted site.

This isn’t just about phishing; an attacker can craft malicious links that appear legitimate, leveraging the trusted M365 domain to redirect users to attacker-controlled sites. From there, it’s a straight shot to credential harvesting, session hijacking, or delivering drive-by downloads. The ‘elevation of privilege’ aspect means this isn’t merely a client-side annoyance; it could lead to broader network compromise if exploited successfully.

While specific affected products beyond ‘M365 Copilot’ are not detailed by the National Vulnerability Database, organizations deploying or planning to deploy Copilot should prioritize understanding the implications. This type of vulnerability is often leveraged as a stepping stone in more complex attack chains, making it a critical concern for defenders.

What This Means For You

  • If your organization uses M365 Copilot, understand that this critical open redirect (CVE-2026-33102) can be used for privilege escalation. Immediately review Microsoft's official security advisories and apply any available patches or mitigations. Educate your users on identifying suspicious links, even those appearing to originate from trusted domains.
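
One way to triage links for this pattern, as an added example that is not from NVD, Microsoft or this site's detection rules: it flags URLs on a trusted host whose query parameters carry an absolute destination on a different host. The trusted suffix, the parameter name and the sample URLs are constructed placeholders, since this page does not name the affected endpoint or parameter.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TRUSTED_SUFFIXES = ("trusted.example",)  # assumption: placeholder, not from the advisory

def _trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def _parse(url):
    try:
        p = urlsplit(url)
        return p.scheme, (p.hostname or "").lower().rstrip("."), p.query
    except ValueError:  # e.g. malformed IPv6 literal
        return "", "", ""

def _embedded_host(value):
    """Host a parameter value would send a browser to, or None if it stays on-site."""
    for _ in range(3):  # undo nested percent-encoding (%252F -> %2F -> /)
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.strip().replace("\\", "/")  # browsers treat "\" like "/"
    if value.startswith("//"):  # protocol-relative form
        value = "https:" + value
    scheme, host, _ = _parse(value)  # hostname excludes any user@ prefix
    return host if scheme in ("http", "https") and host else None

def off_domain_redirects(url):
    """(param, host) pairs where a trusted-host URL embeds an untrusted destination."""
    _, host, query = _parse(url)
    if not host or not _trusted(host):
        return []
    return [(n, t) for n, v in parse_qsl(query, keep_blank_values=True)
            if (t := _embedded_host(v)) and not _trusted(t)]

# Constructed sample URLs; the parameter name "next" is illustrative only.
SAMPLES = [
    "https://app.trusted.example/go?next=https%3A%2F%2Fevil.test%2Flogin",
    "https://app.trusted.example/go?next=%252F%252Fevil.test",
    "https://app.trusted.example/go?next=https://trusted.example@evil.test/",
    "https://app.trusted.example/go?next=/dashboard",
    "https://app.trusted.example/go?next=https://docs.trusted.example/x",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(off_domain_redirects(u), u)
```

Run it over URLs extracted from mail gateway or proxy logs; a hit is a lead to review, not proof of exploitation.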

🛡️ Detection Rules


Rule: M365 Copilot Open Redirect to Malicious Site - CVE-2026-33102 (severity: critical; ATT&CK: T1190, Initial Access)


Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33102 | Open Redirect | M365 Copilot |
| CVE-2026-33102 | Privilege Escalation | M365 Copilot |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 24, 2026 at 01:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
