PatchSiren cyber security CVE debrief
CVE-2026-47644 Microsoft CVE debrief
CVE-2026-47644 is a vulnerability in Copilot Chat (Microsoft Edge) that allows an unauthorized attacker to disclose information over a network. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. It was published on [cvePublishedAt] and modified on [cveModifiedAt]. The vulnerability is caused by improper neutralization of special elements in output used by a downstream component ('injection').
- Vendor
- Microsoft
- Product
- Copilot Chat
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-08
Who should care
Users of Copilot Chat (Microsoft Edge) should be aware of this vulnerability and take necessary precautions to protect themselves.
Technical summary
The vulnerability is caused by improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge). This allows an unauthorized attacker to disclose information over a network.
Defensive priority
MEDIUM
Recommended defensive actions
- Users should ensure they are running the latest version of Copilot Chat (Microsoft Edge).
- Users should be cautious when interacting with Copilot Chat (Microsoft Edge) to avoid potential exploitation.
Evidence notes
The vulnerability has been analyzed and has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.
Official resources
-
CVE-2026-47644 CVE record
CVE.org
-
CVE-2026-47644 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-47644 was published on 2026-06-04T23:17:32.390Z and modified on 2026-06-08T13:57:25.030Z.