PT-2026-26355 · Microsoft · M365 Copilot

Michael Van Leeuwen · Published 2026-03-19 · Updated 2026-03-22 · CVE-2026-26137

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Microsoft 365 Copilot's Business Chat (affected versions not specified)

Description

An authorized attacker can elevate privileges over a network due to a server-side request forgery (SSRF) issue in Microsoft 365 Copilot's Business Chat. Server-side request forgery occurs when an application allows an attacker to make requests to unintended locations. This can potentially lead to unauthorized access to internal resources or data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

SSRF

Weakness Enumeration

Related Identifiers

BDU:2026-03516
CVE-2026-26137

Affected Products

M365 Copilot