CVE-2026-47644 in Copilot Chatinfo

Summary

by MITRE • 06/05/2026

Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Microsoft

Reservation

05/19/2026

Disclosure

06/05/2026

Moderation

accepted

Entry

VDB-368416

CPE

ready

CWE

CWE-74 (confirmed)

CVSS

6.5 (CNA)

EPSS

0.00000

KEV

Activities

low

Sector

Lawfirm, Chemical, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-47644
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-47644
CVE Details	https://www.cvedetails.com/cve/CVE-2026-47644/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!