Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3875 articles · 175980 vulns · 37/41 feeds (7d)
← Back to list
9.6
CVE-2026-48561EXPLOITEDPATCHED
Microsoft · Microsoft 365 Copilot for Android

Microsoft Copilot Remote Code Execution Vulnerability

Description

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to execute code over a network.

Affected Products

VendorProductVersions
MicrosoftMicrosoft 365 Copilot for Android1.0, 1.0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
microsoftmicrosoft 365 copilot for iosmitre_affected90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48561(vendor-advisory, patch)

Related News (4 articles)

Tier C
Qualys Blog1h ago
Microsoft and Adobe Patch Tuesday, July 2026 Security Update Review 
→ No new info (linked only)
Tier C
Krebs on Security3h ago
Microsoft Patches a Record 570 Security Flaws
→ No new info (linked only)
Tier C
VulDB5h ago
CVE-2026-48561 | Microsoft Copilot Command Processor command command injection
→ No new info (linked only)
Tier A
Microsoft MSRC9h ago
CVE-2026-48561 Microsoft Copilot Remote Code Execution Vulnerability
→ No new info (linked only)
CVSS 3.19.6 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
publication
CWECWE-77
PublishedJul 14, 2026
Last enriched3h agov3
Tags
remote code execution
Trending Score69
Source articles4
Independent4
Info Completeness11/14
Missing: epss, kev, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-56155EXPKEV
Active Directory Federation Services Elevation of Privilege Vulnerability
Trending: 138
MEDIUMCVE-2026-56164EXPKEV
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Trending: 135
HIGHCVE-2026-50656EXP
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 100
HIGHCVE-2026-41091EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 72
CRITICALCVE-2026-55040EXP
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a security feature over a network.
Trending: 72

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, exploitAvailable, activelyExploited
Jul 14, 2026
Updated: iocs, tags
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Exploit Available
Jul 14, 2026
Patch Available
Jul 14, 2026

Version History

v3
Last enriched 3h ago
v3Tier C3h ago

Updated description with exploitation details, confirmed CVSS score, added IOC for malicious website, and included new tag for remote code execution.

iocstags
via Krebs on Security
v2Tier A6h ago

Added a detailed description of the vulnerability and updated exploit availability to true.

descriptionexploitAvailableactivelyExploited
via Microsoft MSRC
v16h ago

Initial creation