{"data":{"id":"a8cf996a-a675-4af3-b3ec-18c7f6ce6845","title":"CVE-2026-42824: Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network","summary":"CVE-2026-42824 is a command injection vulnerability (a flaw where attacker-controlled input is incorporated into a command that the system then executes) in Microsoft 365 Copilot that allows an unauthorized attacker to disclose information over a network. The vulnerability stems from improper neutralization of special elements used in a command. NIST has not yet assigned its own CVSS score (a 0-10 rating of how severe a vulnerability is); the 6.5 (medium) score and CVSS 3.1 vector recorded with this entry presumably come from another source and indicate that exploitation requires user interaction.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42824","publishedAt":"2026-06-04T23:17:32.077Z","cveId":"CVE-2026-42824","cweIds":["CWE-77"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","M365 Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-04T23:17:32.077Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}