CVE-2026-33102

· NIST NVD ↗

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CRITICAL
CVSS severity
9.3
CVSS base score
2026-04-23
Published

CWE codes

CWE-601

Affected products

microsoft:365_copilot

Sources