CERT-In flags critical security vulnerabilities in Microsoft 365 Copilot

If the issue is not resolved soon, it can allow attackers to execute arbitrary code, steal sensitive information, and cause denial of services on affected systems.

Rohit KVN

Last Updated : 28 May 2026, 09:53 IST

Join Us

Prefer

Quick summary - click for full details

Concise summary of key highlights

CERT-In flags critical security vulnerabilities in Microsoft 365 Copilot

In one line

CERT-In flags critical security flaws in Microsoft 365 Copilot, risking data breaches and system disruption.

Key points

• Critical vulnerabilities detected

CERT-In identified two critical vulnerabilities (CVE-2026-42827 and CVE-2026-41090) in Microsoft 365 Copilot, including input validation flaws, authentication weaknesses, and command handling issues.

• Potential attack vectors

If exploited, attackers could execute arbitrary code, steal sensitive data, cause denial-of-service attacks, or disrupt cloud services.

• Broader security concerns

Microsoft acknowledged vulnerabilities in multiple products, including Global Secure Access, Entra ID, and Azure services, with updates already rolled out.

• User action required

Users are advised to update Microsoft 365 apps immediately via the Account > Update Options menu to mitigate risks.

Processed with AI. Reviewed by DH Digital Team.

Published 28 May 2026, 09:53 IST

Technology Technology News Microsoft DH Tech computer CERT-IN Indian Computer Emergency Response Team

CERT-In flags critical security vulnerabilities in Microsoft 365 Copilot

CERT-In flags critical security vulnerabilities in Microsoft 365 Copilot

Follow us on :

Follow Us