—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Information Disclosure Vulnerability in M365 Copilot

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Microsoft 365 Copilot

Overview

A vulnerability has been reported in Microsoft 365 Copilot (M365 Copilot) which could allow an unauthorized attacker to disclose sensitive information over a network.

Target Audience:

Organizations and individuals using Microsoft 365 Copilot.

Risk Assessment:

High risk of unauthorized access of data and data manipulation.

Impact Assessment:

Exposure of sensitive information, unauthorized access to data, and compromise of confidentiality.

Description

Microsoft 365 Copilot (M365 Copilot) is an AI assistant integrated into Microsoft 365 apps like Word, Excel, PowerPoint, Outlook, and Teams to help users generate content, analyze data, and summarize information.

A vulnerability exists in Microsoft 365 Copilot (M365 Copilot) due to missing authentication for a critical function. An unauthorized attacker could exploit this vulnerability over a network.

Successful exploitation of the vulnerability could allow an unauthorized attacker to disclose sensitive information over a network.

Solution

Apply appropriate software updates as mentioned:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54130

Vendor Information

Microsoft

https://www.microsoft.com/en-in/

References

 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54130

CVE Name

CVE-2026-54130

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmo7m2gACgkQ3jCgcSdc

ys8vgQ/+P/aQlFjNGtAZBGSGWuao5q+lNjUJ04xRyxVLgZQWpQWXYv4hsR+hrNF0

5NTQLHpFbl4wGQEl5ip3PulGx9bDELYY/+iWsnj8a9MlMiIFQeqQMJOsuKeaCM7c

GmmHKEDzYmYHygH3DQ1gqDX1I6oXw07AXKFDtNpVrWNa8DIAlZ2UAI9hOP3A9rSP

UMn27256U74avZ0NEzhjBYu3PIdJMDx9yOwA2b3VwvQ/ea0tkbCoTugfOzfto1Gm

SUQlkB7hYMkHQTT+HNpy6RdWYwKevY6K/nQhxv3M7vDOcrHWctkPOyP06c5Zp05T

7cVVJfDZEGhmJFjL+S5Dv3aYvsDwoxzuGqjf3ILXqaLlCopbyDELEZ1CCb/ZerlU

JwLCFs6Uhwl7MWXDpNRtRNya5QQZWdANzCHKNXkBpflabLiqEQkJP5tLLpRBkSnp

o//SNaHuwI1VOVf57EvwaFQvQHB0aoxpgPER4oiEWzecGLyT6eqazvX6apLZ/6vF

6lnuTHVFoDvZg+Ubc5R6L/gqZLGkmrrpdz6H5cZry7ORXNyL+/tD3zBbsU9ftyEH

F8bV1hlWWPqogZqS+4HWCITbwh6HVdBU1aeM9InHfh2ACU79qJzvu19KIX32msa1

wRNJUCqLH7+DW8eKALJupAxIOQ+KM7H/nwkwB3CE2xYDZ46PF2g=

=m2np

—–END PGP SIGNATURE—–