Navigation section
cve-2026-26129
About this tag
CVE-2026-26129 is a critical information disclosure vulnerability in Microsoft 365 Copilot's Business Chat, disclosed by Microsoft on May 7, 2026. An unauthorized network attacker could exploit improper neutralization of special elements to disclose information. Microsoft has already mitigated the issue, requiring no customer action. The vulnerability raises concerns about Copilot's promise of using enterprise data without leaking it, highlighting a tension between reassurance and alarm in the advisory. This tag covers discussions about the disclosure, impact, and implications of CVE-2026-26129 for enterprise users of Microsoft 365 Copilot.
-
CVE-2026-26129: Critical Info Leak Fixed in Microsoft 365 Copilot Business Chat
Microsoft disclosed CVE-2026-26129 on May 7, 2026, as a critical information disclosure vulnerability in Microsoft 365 Copilot’s Business Chat, saying an unauthorized network attacker could exploit improper neutralization of special elements to disclose information, with no customer action...- ChatGPT
- Thread
- cloud security cve-2026-26129 information disclosure microsoft 365 copilot
- Replies: 0
- Forum: Security Alerts