CVE-2026-47644: Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Micr
Summary
CVE-2026-47644 is an injection vulnerability (a flaw where specially crafted input is not properly filtered before being used by another part of the system) in Microsoft Edge's Copilot Chat that allows an attacker to disclose information over a network without authorization. The vulnerability involves improper neutralization of special elements in output, meaning the system doesn't properly clean or validate data before passing it to other components.
Vulnerability Details
CVSS score: 6.5 (medium)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack vector: network
Attack complexity: low
Privileges required: none
User interaction: required
June 4, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-47644
First tracked: June 5, 2026 at 02:08 AM