CVE-2026-48561: Microsoft Copilot Remote Code Execution Vulnerability

Overview

Severity
Critical (CVSS 9.6)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Remote Code Execution
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2026-Jul
Released
2026-07-14

Description

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to execute code over a network.

FAQ

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment. How could an attacker exploit this vulnerability? An attacker could host a malicious website that causes Microsoft Edge for Android to automatically send crafted prompts to Copilot on a user’s device when the user visits the site. Because the affected component processes these requests without confirmation or origin checks, the prompts may be executed without the user’s awareness, potentially resulting in unintended actions within Copilot such as accessing or modifying data.

Affected Products (2)

Apps

  • Microsoft 365 Copilot for Android
  • Microsoft 365 Copilot for iOS

Security Updates (2)

Acknowledgments

Ofek Levin Enclave with <a href="https://enclave.ai/">Enclave</a>

Revision History

  • 2026-07-14: Information published.