CVE-2026-26164 | Microsoft 365 Copilots Business Chat Downstream injection

A vulnerability has been found in Microsoft 365 Copilots Business Chat and classified as critical. This issue affects some unknown processing of the component Downstream Component. Performing a manipulation results in injection.

This vulnerability is cataloged as CVE-2026-26164. It is possible to initiate the attack remotely. There is no exploit available.

This product is a managed service, so users do not have direct control over vulnerability countermeasures.VulDB Recent EntriesRead More