Introduction
An injection flaw in Microsoft 365 Copilot Business Chat could have allowed an unauthenticated attacker to silently extract sensitive information over the network, with no user interaction required. With Copilot now deployed across 20 million paid seats in the M365 commercial ecosystem, even a fully mitigated cloud vulnerability like this one deserves structured awareness and a clear operational response from security teams.
Technical Information
The root cause of CVE-2026-26164 is classified under CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component. In the context of Microsoft 365 Copilot Business Chat, specially crafted input could influence the output consumed by a downstream component in a way that was not intended, ultimately leading to information disclosure.
CVSS Breakdown
The CVSS 3.1 base score of 7.5 reflects a high severity issue with the following characteristics:
| Metric | Value | Operational Implication |
|---|---|---|
| Base Score | 7.5 | High severity issue requiring attention |
| Temporal Score | 6.5 | Score reduced due to official vendor fix |
| Attack Vector | Network | Exploitable remotely over the network |
| Privileges Required | None | Unauthenticated exploitation possible |
| User Interaction | None | No user action needed to trigger |
| Confidentiality | High | Significant risk of data exposure |
| Integrity | None | No ability to modify data |
| Availability | None | No ability to disrupt service |
The combination of network attack vector, no privileges required, and no user interaction creates a broad attack surface. Any network accessible endpoint serving Copilot Business Chat functionality was potentially reachable prior to the mitigation.
Attack Flow
Based on the vulnerability characteristics, the exploitation path would proceed as follows:
- An unauthorized attacker, operating remotely over the network, crafts input containing special elements targeting the Copilot Business Chat service.
- The Copilot Business Chat service fails to properly neutralize these special elements in its output.
- A downstream component processes this tainted output, and the injected elements alter its behavior.
- The downstream component discloses information back to the attacker.
Because no authentication or user interaction was required, the barrier to exploitation was low. The high confidentiality impact with no integrity or availability impact indicates this was a pure data exfiltration vector: the attacker could read data but could not modify it or disrupt service.
Scope of Affected Components
The specific affected product is Microsoft 365 Copilot Business Chat. Other Microsoft 365 services are not explicitly called out in the vulnerability record. This clarity in scope allows security teams to target their communications and risk tracking specifically to Business Chat owners and Copilot program leads rather than the broader user base.
Affected Systems and Versions
The vulnerability affects Microsoft 365 Copilot Business Chat. Microsoft has not published specific version numbers or version ranges, as this is a cloud service vulnerability that was mitigated on the server side. All instances of the service were affected prior to the mitigation applied by Microsoft, and all instances are now remediated. No other Microsoft 365 services are explicitly identified as affected.
Vendor Security History
CVE-2026-26164 is not an isolated finding in the M365 Copilot product line. CVE-2026-24299 describes a separate command injection vulnerability in M365 Copilot, underscoring that injection weaknesses are a recurring theme in AI integrated services. This pattern suggests that the attack surface introduced by large language model integrations, particularly around prompt and content injection, represents a systemic risk category that Microsoft and other vendors will continue to address as these products mature.
Microsoft's approach of publishing cloud vulnerability advisories even when no customer action is required reflects a transparency posture that is relatively uncommon among cloud service providers. Organizations should expect more advisories of this type and tune their internal processes accordingly.
Copilot Adoption Context
The scale of Copilot deployment adds context to the potential impact:
| Metric | Q2 2026 | Q3 2026 |
|---|---|---|
| Paid Copilot Seats | 15 million | 20 million |
| Total M365 Commercial Seats | 450 million | Up to 477 million estimated |
| Penetration Rate | 3.3 percent | 4.2 to 4.4 percent |
References
- CVE-2026-26164: Microsoft Security Update Guide
- CVE Record: CVE-2026-26164 (CVE.org)
- NVD Entry for CVE-2026-26164
- Microsoft Claims 15 Million Paid M365 Copilot Seats (Directions on Microsoft)
- Microsoft 365 Copilot Hits 20 Million Paid Seats (No Jitter)
- CVE-2026-24299: M365 Copilot Command Injection (SentinelOne)



