CVE-2026-47645
published 2026-06-19
CVE-2026-47645: Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a…
Priority P347 high 8.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.41% (32.6th percentile)
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_365_copilot | — | — |
VulDB
Microsoft 365 Copilot CVE-2026-47645 Microsoft redirect (EUVD-2026-38091)
vuldb·2026-06-20
CVE-2026-47645 [LOW] Microsoft 365 Copilot CVE-2026-47645 Microsoft redirect (EUVD-2026-38091)
A vulnerability has been found in Microsoft 365 Copilot CVE-2026-47645 Microsoft 365 and classified as problematic. This affects an unknown part. This manipulation causes open redirect.
The identification of this vulnerability is CVE-2026-47645. It is possible to initiate the attack remotely. There is no exploit available.
GHSA
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
ghsa_unreviewed·2026-06-19
CVE-2026-47645 [HIGH] CWE-601 Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-19