Introduction
A critical open redirect in Microsoft 365 Copilot allowed an unauthorized attacker to redirect users from a trusted Microsoft domain to a malicious site, creating a pathway for privilege escalation across network boundaries. With over 15 million paid Copilot seats and 450 million commercial Microsoft 365 seats, even a cloud-only vulnerability in this service carries significant implications for enterprise security posture.
Microsoft disclosed CVE-2026-33102 on April 23, 2026, assigning it a CVSS base score of 9.3. The vulnerability was discovered internally by Microsoft researchers Bushra Aloraini, Rodrigo Silva, and Henrique Pereira, and was remediated server-side before any public disclosure or known exploitation occurred.
Technical Information
The vulnerability is classified as CWE-601: URL Redirection to Untrusted Site, commonly known as an open redirect. According to OWASP documentation, open redirects occur when an application accepts user-controlled input for a redirect target without proper validation. In the context of Microsoft 365 Copilot, this means the service contained an endpoint or parameter that could be manipulated to redirect users to an attacker-controlled destination.
The CVSS base score of 9.3 (Critical) reflects several important characteristics of this flaw:
| Metric | Value |
|---|---|
| Base Score | 9.3 Critical |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | None |
The "Scope: Changed" designation is particularly significant. It indicates that the vulnerability in one component (Copilot's redirect handling) impacts resources beyond its own security scope. Combined with high confidentiality and integrity impact, this suggests the open redirect could be leveraged to compromise authentication tokens, session data, or other sensitive artifacts that belong to a different trust boundary.
Why Open Redirects on Trusted Domains Matter
Open redirects on trusted domains like microsoft.com are especially dangerous for several reasons. First, they are effective phishing vectors because the initial URL appears to originate from a legitimate Microsoft domain, which helps bypass both user suspicion and email security filters. Second, open redirects can serve as building blocks in more complex exploit chains. Attackers commonly use them to steal OAuth authorization codes by manipulating the redirect_uri parameter in an OAuth flow, or to bypass server-side request forgery (SSRF) protections that allowlist trusted domains.
Attack Flow
A plausible attack flow based on the CVSS vector and CWE classification would proceed as follows:
- The attacker identifies the vulnerable redirect endpoint in the Microsoft 365 Copilot service.
- The attacker crafts a URL pointing to the legitimate Copilot domain but embedding a malicious redirect target as a parameter.
- The attacker delivers this URL to a victim through phishing email, chat message, or another social engineering channel.
- The victim clicks the link, trusting the microsoft.com domain.
- The Copilot service processes the request and redirects the victim's browser to the attacker-controlled site.
- At the attacker-controlled destination, the attacker can harvest credentials, OAuth tokens, or session cookies, effectively escalating privileges.
The "User Interaction: Required" metric confirms that exploitation depends on a victim clicking the crafted link. However, the low attack complexity and zero privilege requirements mean any external attacker could attempt this without prior access to the target environment.
Patch Information
Microsoft has fully resolved CVE-2026-33102 through a server-side fix applied directly to the Microsoft 365 Copilot cloud service. The advisory was published on April 23, 2026, and the MSRC page explicitly states: "This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take."
Because Microsoft 365 Copilot is a cloud-hosted service, this patch differs from a traditional downloadable update. Microsoft remediated the underlying CWE-601 flaw entirely on their backend infrastructure. The CVSS temporal vector confirms RL:O (Remediation Level: Official Fix), indicating a complete vendor solution is in place. The Security Updates table in the advisory lists only one entry, Microsoft 365 Copilot, with the Customer Action Required field explicitly set to "Not Required".
This approach is consistent with Microsoft's broader transparency initiative for cloud service CVEs. Under this program, Microsoft now publishes CVE records even for vulnerabilities that were silently patched on the service side, purely to inform the security community. In practical terms, every Microsoft 365 Copilot tenant was protected the moment Microsoft deployed the fix. No administrator intervention, no update installation, and no configuration change was needed.
The CVE.org record tags the MSRC advisory as both a vendor-advisory and a patch, reinforcing that the advisory itself serves as the official patch notice. No separate KB article, build number, or downloadable binary accompanies this fix, which is expected for a service-side remediation of a cloud product.
Compensating Controls
While no customer action is required for the core fix, organizations should still consider compensating controls:
- Security teams should educate users about phishing risks associated with trusted domains, since open redirects specifically exploit domain trust.
- Developers building integrations with Microsoft 365 Copilot should ensure their own applications validate redirect targets and avoid using user-controlled absolute URLs in redirect logic.
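The developer-side control above, as an added example that is not part of the original advisory and not Microsoft's fix: a CWE-601 redirect handler beside a hardened validator that canonicalises the target, rejects the usual allowlist bypasses, and emits only the canonical form it checked. The allowlisted hosts and the `/home` fallback are constructed sample values.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample allowlist: hosts a post-login redirect may land on.
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}
FALLBACK = "/home"            # where the user goes when the target is rejected
WEB_SCHEMES = ("http", "https")


def vulnerable_redirect_target(next_url: str) -> str:
    """CWE-601 pattern: the user-supplied value becomes the Location header."""
    return next_url


def safe_redirect_target(next_url: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return a redirect target that stays on an allowed host, else FALLBACK.

    Canonicalise, then check, then send only the canonical form, so the
    value the browser receives is exactly the value that was validated.
    """
    if not next_url:
        return FALLBACK
    # Decode once and trim whitespace; a check on the raw string is fooled
    # by "%2F%2Fevil.com", which the application may decode before use.
    candidate = unquote(next_url).strip()
    # Browsers treat "\" as "/" in http(s) URLs: "/\evil.com" is "//evil.com".
    candidate = candidate.replace("\\", "/")
    # Control characters could inject a header line or confuse parsers.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return FALLBACK
    parts = urlsplit(candidate)

    # Case 1: site-relative path. Exactly one leading "/" is required;
    # browsers parse both "//host" and "///host" as a new authority.
    if not parts.scheme and not parts.netloc:
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return FALLBACK

    # Case 2: absolute URL. Only http(s) with a host, and the *effective*
    # host must match exactly. .hostname strips userinfo and port, so
    # "https://login.example.com@evil.com" yields "evil.com" here.
    if parts.scheme not in WEB_SCHEMES or not parts.netloc:
        return FALLBACK       # covers "javascript:", "data:", "http:evil.com"
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return FALLBACK       # also rejects "app.example.com.evil.com"
    # Re-emit without userinfo or port so nothing odd reaches Location.
    rebuilt = f"{parts.scheme}://{host}{parts.path or '/'}"
    if parts.query:
        rebuilt += "?" + parts.query
    return rebuilt
```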
Affected Systems and Versions
The vulnerability affects Microsoft 365 Copilot as a cloud-hosted service. Because this is a service-side issue rather than a client-side software flaw, Microsoft has not published specific version numbers or build identifiers. The advisory lists a single affected product entry: Microsoft 365 Copilot. All tenants using the service were potentially affected prior to Microsoft's server-side remediation, and all tenants are now protected without any customer action.
Vendor Security History
Microsoft recently updated its transparency policies regarding cloud vulnerabilities. The Microsoft Security Response Center now issues CVE records for critical cloud service vulnerabilities even when customers do not need to install a patch. These are tagged as "exclusively hosted service" to indicate no customer action is required. This shift is directly relevant to CVE-2026-33102, which is exactly the type of cloud-only issue that would have gone unannounced under older disclosure practices. The initiative, detailed at aka.ms/MSRC-Cloud-CVEs, represents a meaningful step toward giving security teams visibility into vulnerabilities that affect services they rely on, even when those vulnerabilities are resolved without customer involvement.