CVE-2026-33102

Severity: CRITICAL
WAF: Medium
CVSS: 9.3
Published: 2026-04-23
CWE: CWE-601

URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

WAF Coverage Analysis

Open Redirect: Medium WAF Coverage

OWASP: A01:2021 Broken Access Control

941xxx - XSS / XXE

Affected Software

Vendor | Product | Version
microsoft | 365_copilot | -
