CVE-2026-24299

Publication date

2026-03-19 21:06:24

Family

microsoft

State

PUBLISHED

Description

Improper neutralization of special elements used in a command (command injection) in M365 Copilot allows an unauthorized attacker to disclose information over a network.