{"data":{"id":"98c04000-5d2b-4c80-928b-baabc37ac23a","title":"CVE-2026-42893: Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthoriz","summary":"CVE-2026-42893 is a command injection vulnerability (a flaw where an attacker can insert malicious commands by exploiting how special characters are handled) in Microsoft 365 Copilot that allows an unauthorized attacker to tamper with data over a network. The vulnerability has a CVSS 4.0 severity rating (a moderate score on the 0-10 vulnerability severity scale). This issue was reported by Microsoft Corporation and published in May 2026.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42893","publishedAt":"2026-05-12T18:17:26.343Z","cveId":"CVE-2026-42893","cweIds":["CWE-77"],"cvssScore":"7.4","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","M365 Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T18:17:26.343Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}