Improper neutralization of special elements in Microsoft 365 Copilot's Business Chat allows sensitive information to leak across trust boundaries. Network-accessible exploitation requires no privileges or user interaction, enabling attackers to inject commands that bypass security controls.
Microsoft has deployed mitigations at the service layer. No enterprise patches or configuration changes are required, as the fix is cloud-side.
Source: NVD • Published: 2026-05-07
Information disclosure vulnerability in Microsoft 365 Copilot via improper handling of special elements. The high confidentiality impact could expose intellectual property, confidential communications, and restricted internal records through specially crafted prompts.
Cloud-side fix already deployed by Microsoft. Verify your organization is using the latest Copilot service version.
Source: NVD • Published: 2026-05-07
Command injection vulnerability (CWE-77) in Copilot Chat embedded in Microsoft Edge. Network-accessible with no privileges required, allowing attackers to trick the model into revealing restricted data through crafted prompts.
Update Microsoft Edge to the latest version released after May 7, 2026. Microsoft has deployed the fix automatically for most users.
Source: NVD • Published: 2026-05-07
Indirect prompt injection vulnerability in Copilot Studio (ShareLeak exploit). Attackers can inject fake system role messages via SharePoint form submissions, overriding agent instructions to exfiltrate customer data via Outlook to attacker-controlled email addresses.
Apply the Microsoft security update from January 15, 2026. Implement input validation on all public-facing forms connected to Copilot Studio agents, and review agent permissions to SharePoint and Outlook.
Source: NVD • Published: 2026-04-30
Improper neutralization of special elements in output allows security feature bypass. Network-accessible exploitation requires no authentication, enabling unauthorized attackers to bypass security controls in GitHub Copilot and Visual Studio.
Update the GitHub Copilot extension and Visual Studio to versions released after May 12, 2026. Check GitHub security advisories for specific version numbers.
Source: NVD • Published: 2026-05-12
Spoofing vulnerability in Microsoft 365 Copilot for Android allows attackers to impersonate trusted components, potentially intercepting or mimicking Copilot's communication with Microsoft cloud services through malicious apps.
Update the Microsoft 365 Copilot Android app to the latest version. Enforce MDM policies to prevent sideloading, and implement app reputation scanning on managed Android devices.
Source: NVD • Published: 2026-05-12
Case-sensitivity bypass vulnerability in Cursor IDE allows attackers to overwrite sensitive configuration files like .cursor/mcp.json through path variations, potentially leading to remote code execution by modifying MCP server configurations.
Update Cursor IDE to version 1.7 or later. Review and audit existing .cursor/mcp.json configurations for unauthorized modifications.
Source: NVD • Published: 2026-05-01
CurXecute vulnerability in Cursor IDE's MCP server auto-start mechanism enables remote code execution. Maliciously named MCP servers can execute arbitrary code without user consent when projects are opened.
Update Cursor to version 1.3 or later. Disable MCP server auto-start in settings and manually review all MCP server configurations before approval.
Source: NVD • Published: 2026-05-01
MCPoison vulnerability in Cursor IDE's MCP trust model. Once a user approves an MCP, attackers can silently modify its command or arguments for persistent remote code execution without additional validation or user prompts.
Update Cursor to version 1.3 or later. Re-approve all existing MCP configurations and enable verbose logging to detect unauthorized MCP modifications.
Source: NVD • Published: 2026-05-05
Git hook arbitrary code execution vulnerability in Cursor IDE. Malicious actors can embed bare repositories with malicious pre-commit hooks that execute automatically during commit operations, triggered by normal IDE usage on cloned repositories.
Update Cursor IDE to the latest version addressing CVE-2026-26268. Configure Git to ignore hooks from untrusted repositories using git config --global core.hooksPath, and inspect .git/hooks directories before committing.
Source: NVD • Published: 2026-05-01
Shell environment poisoning vulnerability (CWE-15) in Cursor AI's Auto-Run Mode with Allowlist enabled. Prompt injection can manipulate shell environment variables via shell built-ins (export, unset, set) that bypass validation, hijacking trusted command execution.
Upgrade Cursor to version 2.3 or later immediately. Disable Auto-Run Mode until patched, or switch to explicit command approval mode and audit shell configurations.
Source: NVD • Published: 2026-05-01
Prompt injection remote code execution vulnerability in Windsurf 1.9544.26. Remote attackers can execute arbitrary commands by causing unauthorized modification of local MCP configuration through crafted prompts.
Update Windsurf IDE to a version later than 1.9544.26. Implement strict input validation for all AI prompts and review MCP configuration file permissions to prevent unauthorized modifications.
Source: NVD • Published: 2026-05-01