AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-26136: Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unaut

mediumvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseMarch 19, 2026CVE-2026-26136

Summary

CVE-2026-26136 is a command injection vulnerability (a flaw where an attacker can insert malicious commands by exploiting improper filtering of special characters) in Microsoft Copilot that allows an unauthorized attacker to access and disclose sensitive information over a network.

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

network

Attack Complexity

low

Privileges Required

none

User Interaction

required

Disclosure Date

March 19, 2026

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-77

CAPEC (Attack Pattern)

CAPEC-88

Affected Vendors

Microsoft

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: March 19, 2026 at 06:07 PM

Classified by LLM (prompt v3) · confidence: 85%