Microsoft Copilot Studio vulnerabilities
4 known vulnerabilities affecting microsoft/microsoft_copilot_studio.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-21520P3HIGHCVSS 7.5v-2026-01-22
CVE-2026-21520 [HIGH] CWE-77 CVE-2026-21520: Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticate
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
nvd
CVE-2024-49038P3CRITICALCVSS 9.6vN/A2024-11-26
CVE-2024-49038 [CRITICAL] CWE-79 CVE-2024-49038: Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Stud
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
nvd
CVE-2024-38206P3MEDIUMCVSS 6.5vN/A2024-08-06
CVE-2024-38206 [MEDIUM] CWE-918 CVE-2024-38206: An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copi
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
nvd
CVE-2024-43610P3HIGHCVSS 7.5v-2024-10-09
CVE-2024-43610 [HIGH] CWE-200 CVE-2024-43610: Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticate
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
nvd