{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26133", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-11T16:24:51.133Z", "datePublished": "2026-03-13T21:10:13.535Z", "dateUpdated": "2026-03-13T22:25:36.382Z"}, "containers": {"cna": {"title": "M365 Copilot Information Disclosure Vulnerability", "datePublic": "2026-03-12T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:onenote_for_ios:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "2.106.26020617"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "5.2605"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "5.2605"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_copilot_iOS:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "2.107.2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "145.3800.99"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "8.3.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.0.0.2026043102"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.19822.20038"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.19822.20038"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:iOS:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "2.106.26020617"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:word:*:*:iOS:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.106.26020617"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:loop:*:*:iOS:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.106.26020617"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:iphone_os:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "5.2605"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_copilot_Android:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "16.0.19815.10000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:power_bi_android:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.2.260210.21290750"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:power_bi_iOS:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.2.260302.2193910"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "16.0.19725.20142"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*", "versionStartIncluding": "1.0.0.0", "versionEndExcluding": "145.3800.99"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.19822.20038"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:excel:*:*:iOS:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "2.106.26020617"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft 365 Copilot for Android", "versions": [{"version": "1.0", "lessThan": "16.0.19815.10000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft 365 Copilot for iOS", "versions": [{"version": "1.0", "lessThan": "2.107.2", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Edge for Android", "versions": [{"version": "1.0.0", "lessThan": "145.3800.99", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Edge for iOS", "versions": [{"version": "1.0.0.0", "lessThan": "145.3800.99", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Excel for Android", "versions": [{"version": "16.0.0.0", "lessThan": "16.0.19822.20038", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Excel for iOS", "versions": [{"version": "1.0", "lessThan": "2.106.26020617", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Loop for iOS", "versions": [{"version": "2.0.0", "lessThan": "2.106.26020617", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft OneNote", "versions": [{"version": "1.0.0", "lessThan": "2.106.26020617", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft OneNote for Android", "versions": [{"version": "16.0.1", "lessThan": "16.0.19725.20142", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Outlook for Android", "versions": [{"version": "1.0", "lessThan": "5.2605", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Outlook for iOS", "versions": [{"version": "1.0.0", "lessThan": "5.2605", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Outlook for Mac", "versions": [{"version": "1.0.0", "lessThan": "5.2605", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft PowerBI for Android", "versions": [{"version": "2.0.0", "lessThan": "2.2.260210.21290750", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft PowerBI for iOS", "versions": [{"version": "1.0.0", "lessThan": "1.2.260302.2193910", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft PowerPoint for Android", "versions": [{"version": "16.0.0.0", "lessThan": "16.0.19822.20038", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft PowerPoint for iOS", "versions": [{"version": "1.0", "lessThan": "2.106.26020617", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Teams for Android", "versions": [{"version": "1.0.0", "lessThan": "1.0.0.2026043102", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Teams for iOS", "versions": [{"version": "2.0.0", "lessThan": "8.3.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Word for Android", "versions": [{"version": "16.0.0.0", "lessThan": "16.0.19822.20038", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Word for iOS", "versions": [{"version": "2.0.0", "lessThan": "2.106.26020617", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-03-13T22:25:36.382Z"}, "references": [{"name": "M365 Copilot Information Disclosure Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C"}}]}}}

{}

{}

{}

{}