Microsoft · M365 Copilot · CVE-2026-45497
**Name of the Vulnerable Software and Affected Versions**
Microsoft 365 Copilot versions prior to June 2026
**Description**
Improper neutralization of special elements used in a command allows an authorized attacker to execute code over a network. This weakness, known as command injection, occurs when an application does not properly filter or sanitize input before using it in a system command, which enables the execution of arbitrary code on the server.
**Recommendations**
Update to the June 2026 security release.