Microsoft Fixes Critical Copilot Flaws That Could Expose Sensitive Data
Microsoft has fixed three critical-rated information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. The advisories were published on May 7, 2026, and Microsoft says customers do not need to install patches or change settings.
The vulnerabilities are tracked as CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111. All three could allow an unauthorized attacker to disclose sensitive information over a network.
The issues matter because Copilot products can process business data from Microsoft 365 services. In enterprise environments, that may include emails, documents, chats, calendar content, and other internal information depending on how Copilot access is configured.
What Microsoft fixed
CVE-2026-26129 affects M365 Copilot and comes from improper neutralization of special elements. Microsoft classifies it as an information disclosure vulnerability.
CVE-2026-26164 also affects M365 Copilot. It is tied to improper neutralization of special elements in output used by a downstream component, which maps to an injection weakness.
CVE-2026-33111 affects Copilot Chat in Microsoft Edge. Microsoft describes it as improper neutralization of special elements used in a command, which maps to command injection.
At a glance
| CVE | Affected service | Weakness type | Impact | Customer action |
|---|---|---|---|---|
| CVE-2026-26129 | M365 Copilot | Improper neutralization of special elements | Information disclosure | No action required |
| CVE-2026-26164 | M365 Copilot | Injection through downstream output handling | Information disclosure | No action required |
| CVE-2026-33111 | Copilot Chat in Microsoft Edge | Command injection | Information disclosure | No action required |
Why there is no patch for users to install
These are cloud-side service vulnerabilities. Microsoft says the issues have already been fully mitigated by Microsoft, so users and administrators do not need to take direct remediation action.
This can look unusual compared with Windows or Office security updates, where administrators usually deploy a patch. In this case, Microsoft controls the affected cloud service layer and can apply the fix centrally.
Microsoft has also said it now assigns CVEs to some significant cloud service vulnerabilities even when customers do not need to patch anything. The goal is to improve transparency for cloud security issues.
CVE-2026-26129 affects M365 Copilot
CVE-2026-26129 is an information disclosure vulnerability in M365 Copilot. The issue involves improper neutralization of special elements.
Public vulnerability data lists the CVSS 3.1 base score as 7.5, with a network attack vector, low attack complexity, no privileges required, and no user interaction required.
The main risk is to confidentiality. Before the service-side remediation, an attacker could have used the flaw to disclose information over the network.
CVE-2026-26164 involves injection behavior
CVE-2026-26164 is another M365 Copilot information disclosure vulnerability. It is classified under CWE-74, which covers improper neutralization of special elements in output used by a downstream component.
The CVSS vector indicates network-based exploitation, low attack complexity, no privileges required, no user interaction, unchanged scope, and high confidentiality impact.
Microsoft’s exploitability assessment lists exploitation as less likely. Public records also show no indication that the issue was publicly disclosed or exploited before publication.
CVE-2026-33111 affects Copilot Chat in Edge
CVE-2026-33111 affects Copilot Chat in Microsoft Edge. The weakness is classified under CWE-77, which covers improper neutralization of special elements used in a command.
The vulnerability carries the same CVSS 3.1 base score of 7.5 as the other two Copilot information disclosure issues. It likewise requires no privileges and no user interaction.
Although Microsoft already fixed the issue on its side, the advisory is notable because Copilot Chat in Edge has broad visibility across enterprise deployments where the browser is widely used.
Why Copilot security matters
AI assistants can become a new interface to business data. When users ask questions, Copilot may retrieve, summarize, and reason across information the user can access in Microsoft 365.
This makes data access controls more important. A Copilot vulnerability does not automatically mean every document is exposed, but weak permissions can increase the amount of information available through any future flaw.
Security teams should treat these advisories as a reminder to review data access, sensitivity labels, external sharing, and least-privilege controls across Microsoft 365.
What administrators should review
- Check Microsoft 365 Copilot permissions and rollout scope.
- Review who has access to sensitive SharePoint sites, Teams channels, and OneDrive content.
- Audit external sharing settings across Microsoft 365.
- Use sensitivity labels for confidential files and records.
- Review Conditional Access and identity protection policies.
- Monitor unusual Copilot, Edge, and Microsoft 365 activity in available audit logs.
- Keep Edge and Microsoft 365 apps updated even when cloud-side fixes require no action.
- Document the CVEs for compliance and risk tracking.
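One way to act on the audit-log item in the list above, as an added example that is not from the article or from Microsoft: a small Python detector run over constructed Copilot audit records, flagging users with a burst of interactions or with interactions that pulled sensitivity-labelled content. The record shape, field names and label strings are assumptions made for the example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, loosely modelled on CopilotInteraction entries in the
# Microsoft 365 unified audit log; field names and label strings are an
# assumption for this example, so map them to your tenant's real export.
_SAMPLE = [
    {"CreationTime": "2026-05-08T09:00:00", "UserId": "alice@contoso.example",
     "Operation": "CopilotInteraction", "AppHost": "Word",
     "AccessedResources": [{"Name": "Q2-roadmap.docx", "SensitivityLabel": "General"}]},
    {"CreationTime": "2026-05-08T14:30:00", "UserId": "alice@contoso.example",
     "Operation": "CopilotInteraction", "AppHost": "Teams",
     "AccessedResources": [{"Name": "standup-notes.docx", "SensitivityLabel": "General"}]},
] + [  # bob: 30 interactions in 15 minutes, each pulling a Confidential workbook
    {"CreationTime": (datetime(2026, 5, 8, 11, 0) + timedelta(seconds=30 * i)).isoformat(),
     "UserId": "bob@contoso.example", "Operation": "CopilotInteraction", "AppHost": "Edge",
     "AccessedResources": [{"Name": f"payroll-{i}.xlsx", "SensitivityLabel": "Confidential"}]}
    for i in range(30)
]
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(r) for r in _SAMPLE)  # one JSON record per line

def load_records(text):
    """Parse newline-delimited JSON audit records, keeping only Copilot interactions."""
    recs = [json.loads(line) for line in text.splitlines() if line.strip()]
    return [r for r in recs if r.get("Operation") == "CopilotInteraction"]

def flag_users(records, window_minutes=60, max_per_window=20, sensitive_labels=("Confidential",)):
    """Return {user: [reasons]}: bursts of interactions in a sliding window,
    and any interaction that pulled a resource carrying a sensitive label."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["UserId"]].append(r)
    findings = defaultdict(list)
    window = timedelta(minutes=window_minutes)
    for user, recs in by_user.items():
        times = sorted(datetime.fromisoformat(r["CreationTime"]) for r in recs)
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 > max_per_window:
                findings[user].append(f"{end - start + 1} interactions within {window_minutes} min")
                break
        hits = [res["Name"] for r in recs for res in r.get("AccessedResources", [])
                if res.get("SensitivityLabel") in sensitive_labels]
        if hits:
            findings[user].append(f"{len(hits)} sensitive-labelled resources accessed")
    return dict(findings)
```

Thresholds and labels are tenant-specific; tune them against a baseline of normal Copilot usage before relying on the output.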
No evidence of active exploitation
Public advisory data does not show the three Copilot vulnerabilities as exploited in the wild at publication. The issues were also not listed as publicly disclosed before Microsoft published the advisories.
That reduces immediate operational pressure, but it does not remove the broader concern. Copilot sits close to sensitive enterprise data, so information disclosure bugs deserve attention even when Microsoft has already fixed them.
The practical response is not emergency patching. It is confirmation that the cloud-side fix is in place, followed by a review of Microsoft 365 data exposure and access hygiene.
Summary
- Microsoft published three critical-rated Copilot information disclosure CVEs on May 7, 2026.
- CVE-2026-26129 and CVE-2026-26164 affect M365 Copilot.
- CVE-2026-33111 affects Copilot Chat in Microsoft Edge.
- Microsoft has already mitigated the issues, and customers do not need to install patches.
- Organizations should use the incident to review Copilot permissions and Microsoft 365 data access controls.
FAQ
What did Microsoft fix?
Microsoft fixed CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111. All three are information disclosure vulnerabilities affecting M365 Copilot or Copilot Chat in Microsoft Edge.
Do customers need to install a patch?
No. These are cloud-side vulnerabilities, and Microsoft says it has already fully mitigated them. There is no customer action required.
Were the vulnerabilities exploited?
Public advisory data does not show active exploitation or prior public disclosure for these three vulnerabilities at publication.
Why do these vulnerabilities matter?
They are important because Copilot can interact with sensitive business data. Information disclosure flaws in AI-powered productivity tools can create risk across emails, files, chats, and internal records.