{"data":{"id":"2661e10e-ca77-40b7-9faf-d0c703123290","title":"CVE-2026-47644: Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Micr","summary":"CVE-2026-47644 is an injection vulnerability (a flaw where specially crafted input is not properly filtered before being used by another part of the system) in Microsoft Edge's Copilot Chat that allows an attacker to disclose information over a network without authorization. The vulnerability involves improper neutralization of special elements in output, meaning the system doesn't properly clean or validate data before passing it to other components.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-47644","publishedAt":"2026-06-04T23:17:32.390Z","cveId":"CVE-2026-47644","cweIds":["CWE-74"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","Copilot Chat","Microsoft Edge"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-04T23:17:32.390Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0051"]}}