SYS::ONLINE
Wasteland.
Briefs1204
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-48561 2026-07-14

CVE-2026-48561: Critical Command Injection in Microsoft 365 Copilot Mobile Apps

"A critical (CVSS 9.6) command injection flaw in Microsoft 365 Copilot for Android and iOS lets an unauthorized attacker execute code over the network, requiring only user interaction to trigger."

A critical (CVSS 9.6) command injection flaw in Microsoft 365 Copilot for Android and iOS lets an unauthorized attacker execute code over the network, requiring only user interaction to trigger.

What Is It

CVE-2026-48561 is a command injection vulnerability (CWE-77) in Microsoft Copilot, caused by improper neutralization of special elements used in a command. According to Microsoft's advisory, the flaw allows an unauthorized attacker to execute code over a network. It carries a CVSS 3.1 base score of 9.6 (CRITICAL), with a vector of AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, network-reachable, low complexity, no privileges required, but requiring user interaction. The scope is marked as changed, and confidentiality, integrity, and availability impacts are all rated HIGH.

Why It Matters

Remote code execution against a widely deployed AI assistant is a serious exposure. Because privileges required is NONE and the attack vector is NETWORK, an attacker does not need prior access to the target. The changed scope indicates the impact can extend beyond the vulnerable component itself. The one mitigating factor is that user interaction is required, meaning an attacker must lure a user into some triggering action. No public evidence of active exploitation is present in the supplied data; there is no CISA KEV entry for this CVE.

What's Vulnerable

The following products are listed as affected:

Patch Status

The NVD record lists the vulnerability as "Undergoing Analysis" (published July 14, 2026). No specific patched version or required remediation action is included in the supplied source material. Microsoft's Security Response Center update guide is the authoritative reference for fix availability and mitigation guidance; consult it directly for the current patch status.

Sources