{"data":{"id":"06b0b551-d3bc-435e-8503-410ea506754f","title":"CVE-2026-55145: Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authori","summary":"CVE-2026-55145 is a command injection vulnerability (a type of attack where an attacker inserts malicious commands into user input) in Outlook Copilot that allows an authorized user to tamper with the system over a network. The vulnerability stems from improper handling of special characters in commands. The CVSS severity score (a 0-10 rating of how dangerous the vulnerability is) has not yet been assigned by NIST.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-55145","publishedAt":"2026-07-14T18:18:21.520Z","cveId":"CVE-2026-55145","cweIds":["CWE-77"],"cvssScore":"6.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","Outlook Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-14T18:18:21.520Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}