Zero Day Monitor (ZDM)
CVSS 9.8 · CVE-2026-54130 · EXPLOITED · PATCHED
microsoft · m365 copilot

M365 Copilot Information Disclosure Vulnerability

Description

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Affected Products

Vendor | Product | Versions
microsoft | m365 copilot | -

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
microsoft | microsoft 365 copilot | cert_advisory | 90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54130 (vendor-advisory, patch)

Related News (3 articles)

Tier B · BSI Advisories · 5d ago
[NEW] [high] Microsoft 365 Copilot: Multiple vulnerabilities
→ No new info (linked only)
Tier C · VulDB · 8d ago
CVE-2026-54130 | Microsoft M365 Copilot missing authentication
→ No new info (linked only)
Tier A · Microsoft MSRC · 9d ago
CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
→ No new info (linked only)
CVSS 3.1: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54130
CWE: CWE-306
Published: Jun 18, 2026
Last enriched: 5d ago (v2)
Tags: privilege escalation, command injection, data manipulation
Trending Score: 31
Source articles: 3
Independent: 3
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

MEDIUM · CVE-2026-45585 · EXP
Windows BitLocker Security Feature Bypass Vulnerability
Trending: 45
HIGH · CVE-2026-33825 · EXP · KEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 35
HIGH · CVE-2026-41091 · EXP · KEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 35
MEDIUM · CVE-2026-45498 · EXP · KEV
Microsoft Defender Denial of Service Vulnerability
Trending: 32
CRITICAL · CVE-2026-45480
Azure Active Directory Elevation of Privilege Vulnerability
Trending: 30

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 18, 2026
Discovered by ZDM: Jun 18, 2026
Updated (description, exploitAvailable, activelyExploited, tags): Jun 22, 2026
Actively Exploited: Jun 26, 2026
Exploit Available: Jun 26, 2026
Patch Available: Jun 26, 2026

Version History

v2
Last enriched 5d ago
v2 · Tier B · 5d ago

Updated description with new technical details, marked exploit as available, and noted active exploitation along with new tags.

description, exploitAvailable, activelyExploited, tags
via BSI Advisories
v1 · 9d ago

Initial creation