Microsoft patches three Copilot flaws that exposed company data

Pulse. Published 11 May 2026

Microsoft fixed three network-based injection vulnerabilities on 9 May 2026. The flaws carried CVSS scores of 7.5 and required no privileges or user interaction. CVE-2026-26129 affected Business Chat, CVE-2026-26164 hit M365 Copilot, and CVE-2026-33111 targeted Copilot Chat. All three allowed attackers to extract intellectual property and internal records. The fixes were applied server-side. No user action was required.

Before the disclosure, teams treated Copilot's built-in filters as sufficient protection when the tool scanned emails, documents and chat history. The assumption was that Microsoft had already locked down the risky parts. The patches show that assumption was wrong. Injection attacks could reach data the user should never have seen, which means every organisation now has to treat permission boundaries as the primary control rather than a secondary one.

Analysis

Treat this as proof that broad Copilot access is a standing risk, not a solved problem. Open the Microsoft Purview portal today and remove Copilot's ability to index any SharePoint sites or OneDrive folders that contain sensitive material until you have reviewed every permission.

Read full story on cybersecuritynews.com

Pulse published by Collab365 Spaces. Cite as "Microsoft patches three Copilot flaws that exposed company data", Collab365 Spaces. 4 sources referenced.

spaces.collab365.com/posts/microsoft-patches-three-copilot-flaws-that-exposed-As9YrS
