CVE-2026-41090
CRITICAL
NVD
CVSS Score
9.3
Severity
CRITICAL
Published
May 22, 2026
Vendor
unknown
Description
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.