Microsoft patches three Copilot flaws that exposed company data

Microsoft fixed three network-based injection vulnerabilities on 9 May 2026. The flaws carried CVSS scores of 7.5 and required no privileges or user interaction. CVE-2026-26129 affected Business Chat, CVE-2026-26164 affected M365 Copilot, and CVE-2026-33111 affected Copilot Chat. All three allowed attackers to extract intellectual property and internal records. The fixes were applied server-side, so no user action was required.
Before the disclosure, teams treated Copilot's built-in filters as sufficient protection when the tool scanned emails, documents and chat history. The assumption was that Microsoft had already locked down the risky parts. The patches show that assumption was wrong. Injection attacks could reach data the user should never have seen, which means every organisation now has to treat permission boundaries as the primary control rather than a secondary one.
Analysis
Treat this as proof that broad Copilot access is a standing risk, not a solved problem. Open the Microsoft Purview portal today and remove Copilot's ability to index any SharePoint sites or OneDrive folders that contain sensitive material until you have reviewed every permission.
Citation
This executive briefing was curated and analyzed by Collab365. To reference this analysis, please attribute: "This briefing is available on Collab365 Spaces (spaces.collab365.com)".