CVE-2026-41090

Severity CVSS v4.0:
Pending analysis
Type:
CWE-77 Command Injection
Publication date:
22/05/2026
Last modified:
27/05/2026

Description

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:microsoft:365_copilot:-:*:*:*:*:iphone_os:*:*


References to Advisories, Solutions, and Tools