Microsoft Copilot remote code execution flaw (CVE-2026-48561)
Vulnerability
Summary
Hide ▲
Show ▼
A CVE-2026-48561 remote code execution flaw in Microsoft Copilot can let an unauthorized attacker execute code over the network, creating remote takeover risk for affected users. The bug carries a 9.6 CVSS score and is tied to an exploit path involving a malicious website and Microsoft Edge for Android. Microsoft’s July 2026 patch cycle includes updates covering the issue.
Related Happenings
SharePoint Server unauthenticated privilege escalation flaw actively exploited (CVE-2026-56164)
Vulnerability
H score46
First: 14.07.2026 23:25
Last: 14.07.2026 23:25
Sources 1
About this happening:
**CVE-2026-56164** is an **actively exploited** **SharePoint Server** vulnerability that lets an unauthenticated attacker **escalate privileges over the network**. The flaw puts *...
SharePoint Server unauthenticated privilege escalation flaw actively exploited (CVE-2026-56164)
VulnerabilityAbout this happening: **CVE-2026-56164** is an **actively exploited** **SharePoint Server** vulnerability that lets an unauthenticated attacker **escalate privileges over the network**. The flaw puts *...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector Action
H score48
First: 01.06.2026 15:30
Last: 01.06.2026 15:30
Sources 1
About this happening:
Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector ActionAbout this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
Timeline
-
14.07.2026 22:22 2 articles · 3h ago
Microsoft patches CVE-2026-48561 in Copilot remote code execution flaw
Initial DisclosureMicrosoft released July Patch Tuesday updates for at least 570 security holes, and Action1 highlighted CVE-2026-48561 in Microsoft Copilot as a 9.6 CVSS remote code execution flaw that can let an unauthorized attacker execute code over the network. Microsoft says the attack path can involve a malicious website that causes Microsoft Edge for Android to send crafted prompts to Copilot when a user visits the site.
Show sources
- Microsoft Patches a Record 570 Security Flaws — krebsonsecurity.com — 14.07.2026 22:22
- Microsoft Patches a Record 570 Security Flaws — krebsonsecurity.com — 14.07.2026 22:22