{"data":{"id":"8f7c9d1a-8902-4d06-b794-0c974242cad1","title":"CVE-2026-26136: Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unaut","summary":"CVE-2026-26136 is a command injection vulnerability (a flaw where an attacker can insert malicious commands by exploiting improper filtering of special characters) in Microsoft Copilot that allows an unauthorized attacker to access and disclose sensitive information over a network.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-26136","publishedAt":"2026-03-19T21:17:07.883Z","cveId":"CVE-2026-26136","cweIds":["CWE-77"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-19T21:17:07.883Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}