CVSS 9.3 · CRITICAL
CVE-2026-33102
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
View on NVD
Analysis
Microsoft 365 Copilot is vulnerable to a critical URL redirection flaw that allows attackers to elevate privileges over the network. Organizations using Copilot for Microsoft 365 should ensure they are running the latest versions to prevent unauthorized access to sensitive corporate resources.
Severity
Score: 9.3 (CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: REQUIRED
S: CHANGED
C: HIGH
I: HIGH
A: NONE
Weakness type (CWE):
CWE-601
EPSS
Exploitation probability (next 30 days): 0.0005 (0.0%)
Percentile: 15.0%
EPSS: 2026-05-06
Affects
microsoft:365_copilot
Technical description
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
Published: 23/4/2026, 22:16:37
Last modified: 29/4/2026, 19:04:21