{"data":{"id":"3bc8d6c0-d5a7-4282-bc87-84e10e2efcac","title":"CVE-2026-48561: Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unaut","summary":"CVE-2026-48561 is a command injection vulnerability (a flaw where an attacker tricks software into running unintended commands by inserting special characters into input) in Microsoft Copilot that allows an unauthorized attacker to execute code over a network. The vulnerability stems from improper handling of special elements in commands. Details about the severity and available fixes are still being assessed.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-48561","publishedAt":"2026-07-14T17:16:49.753Z","cveId":"CVE-2026-48561","cweIds":["CWE-77"],"cvssScore":"9.6","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-14T17:16:49.753Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}