Cyber Posture

CVE-2026-26133

Severity: High · Type: RCE

Published: 16 March 2026
Modified: 09 April 2026
KEV Added: (not listed)
Patch: (see vendor advisory)
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
EPSS Score: 0.0005 (14.4th percentile)
Risk Priority: 14 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-26133 is a high-severity Command Injection (CWE-77) vulnerability in Microsoft Outlook. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 14.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
Threat & Defense Details

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.009 Cloud API (Execution)
Adversaries may abuse cloud APIs to execute malicious commands.
Why these techniques?

Remote command injection (CWE-77) in the public-facing M365 Copilot service directly enables T1190 (exploitation over the network with no privileges) and T1059.009 (unauthorized cloud API/command execution leading to data disclosure).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Deeper analysis (AI-generated)

CVE-2026-26133 is an AI command injection vulnerability (CWE-77) affecting Microsoft 365 Copilot. Published on 2026-03-16, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N), indicating a high-severity issue that enables an unauthorized attacker to disclose information over a network.

The vulnerability can be exploited by an unauthorized attacker with network access, requiring low attack complexity and no privileges, though user interaction is necessary. Successful exploitation allows the attacker to achieve high confidentiality impact through information disclosure and low integrity impact, potentially compromising sensitive data within the M365 Copilot environment.

Mitigation details are provided in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133.

Details

CWE(s)

Affected Products (vendor · product · affected versions)

Microsoft · 365 Copilot · ≤ 2.107.2 · ≤ 16.0.19815.10000
Microsoft · Edge · ≤ 145.3800.99 · ≤ 145.3800.99
Microsoft · Excel · ≤ 2.106.2 · ≤ 16.0.19822.20038
Microsoft · Loop · ≤ 2.106
Microsoft · OneNote · all versions · ≤ 16.0.19725.20142
Microsoft · Outlook · all versions · ≤ 5.2605.0 · ≤ 5.2605.0
Microsoft · Power BI · all versions · ≤ 2.2.260210.21290750
Microsoft · PowerPoint · ≤ 2.106.2 · ≤ 16.0.19822.20038
Microsoft · Teams · ≤ 1.0.0.2026043102 · ≤ 8.3.1
Microsoft · Word · ≤ 2.106.2 · ≤ 16.0.19822.20038

AI Security Analysis (AI-generated)

AI Category: Enterprise AI Assistants
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai, copilot

CVEs Like This One

CVE-2026-21520 (same vendor: Microsoft)
CVE-2025-53787 (same vendor: Microsoft)
CVE-2026-26136 (same vendor: Microsoft)
CVE-2026-21518 (same vendor: Microsoft)
CVE-2026-21257 (same vendor: Microsoft)
CVE-2026-21516 (same vendor: Microsoft)
CVE-2026-32194 (same vendor: Microsoft)
CVE-2025-55227 (same vendor: Microsoft)
CVE-2025-59252 (same vendor: Microsoft)
CVE-2025-59272 (same vendor: Microsoft)

References