Inside CVE-2026-26133: M365 Copilot AI Command Injection Information Disclosure Vulnerability and How to Defend
Microsoft 365 Copilot turned office productivity into a conversational interface. It also expanded the enterprise attack surface in ways many security teams are still learning to model. CVE-2026-26133, documented by SentinelOne, is a wake-up call: an AI command injection flaw in M365 Copilot that allows remote, unauthenticated actors to induce information disclosure via malicious prompts…