CVE-2026-48561: Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unaut | AI Sec Watch