{"data":{"id":"d6bd5e4b-536b-4224-9f5a-1fb9e4140c0a","title":"CVE-2026-26137: Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate pri","summary":"CVE-2026-26137 is a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted network requests on their behalf) in Microsoft 365 Copilot's Business Chat that allows an authorized attacker to gain elevated privileges over a network. The vulnerability affects an exclusively hosted service and was published on March 19, 2026.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-26137","publishedAt":"2026-03-19T21:17:08.050Z","cveId":"CVE-2026-26137","cweIds":["CWE-918"],"cvssScore":"8.9","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft 365 Copilot","Microsoft"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-19T21:17:08.050Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}