CVE-2026-41106: Microsoft 365 Copilot Elevation of Privilege Vulnerability
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
Metrics
- CVSS v3.1
- 9.3
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
An open redirect vulnerability in Microsoft 365 Copilot allows an unauthenticated remote attacker to redirect victims to an attacker-controlled site, enabling privilege escalation. The vulnerability is reachable over the network, requires no authentication, but does require the victim to follow a crafted link. Successful exploitation gives the attacker elevated privileges, with high impact to confidentiality and integrity of data accessible through the Copilot service. No fix version has been published yet; HarborGuard tracks the advisory and will make a patched rebuild available as soon as upstream ships one.
HarborGuard Coverage
Detection for CVE-2026-41106 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle Microsoft 365 Copilot components. Any image in a connected registry or CI pipeline that carries an affected version is flagged automatically.
AvailableHarborGuard is capable of scoring this CVE at its published CVSS v3.1 severity of 9.3 (Critical) and weighting that score against each customer organization's compliance policy to determine urgency and routing. Triage findings are delivered to the appropriate team inbox within each customer org based on configured policy rules.
AvailableBecause no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment Microsoft releases a remediated version. In the interim, HarborGuard surfaces compensating-control recommendations, such as network-policy isolation and egress filtering, to reduce exposure for affected workloads.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The attacker must reach the target service over the network; the vulnerability is exposed via a network-accessible endpoint.
- AuthenticationNot required
No account or credentials are needed; the attacker can initiate the attack without any prior authentication.
- Victim interactionRequired
The victim must follow a crafted URL, making this a social-engineering vector where the attacker tricks a user into clicking a malicious link.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or environment-specific factors.
Blast Radius
- Attacker gains elevated privileges within Microsoft 365 Copilot, enabling access beyond the victim's own permission boundary.
- High confidentiality impact: the attacker can read data the victim's account has access to, including files, conversations, and AI-generated outputs surfaced by Copilot.
- High integrity impact: the attacker can modify or submit actions on behalf of the victim within the Copilot service, including altering documents or triggering Copilot commands.
- Availability is not directly impacted by this vulnerability; the service continues to run while the attacker operates with elevated access.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-41106 is active across all connected registries and pipelines, flagging any image that carries an affected version of Microsoft 365 Copilot components. Because Microsoft has not yet published a fix, HarborGuard monitors the advisory on every ingest cycle and will automatically make a patched-image rebuild available, with a PR opened against affected workloads for customers with auto-remediation enabled, as soon as an upstream fix is released. While no patch exists, customers can apply compensating controls: network-policy isolation to restrict which services can issue redirects, egress filtering to block outbound traffic to untrusted domains, and feature-flag gating to limit Copilot link-handling capabilities in high-risk environments. Where compliance policy permits, auto-remediation will handle the rebuild-and-PR flow without manual intervention the moment a fix version is available.
- Microsoft / Microsoft 365 Copilot-
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C