{"data":{"id":"a7617868-b609-4284-a6fa-e22afa7d25d7","title":"CVE-2026-45497: Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an autho","summary":"CVE-2026-45497 is a command injection (a flaw where special characters in user input are not properly filtered, allowing an attacker to insert and run unintended commands) vulnerability in Microsoft Copilot that lets an authorized attacker execute code over a network. The vulnerability has not yet received a CVSS score (a 0-10 rating of how severe a vulnerability is) from NIST.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45497","publishedAt":"2026-06-04T23:17:32.250Z","cveId":"CVE-2026-45497","cweIds":["CWE-77"],"cvssScore":"7.7","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-04T23:17:32.250Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}