PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58617 Microsoft CVE debrief

CVE-2026-58617 is a HIGH severity vulnerability in Microsoft 365 Copilot for iOS, with a CVSS score of 8.1. The vulnerability is due to improper access control, allowing an unauthorized attacker to elevate privileges over a network. Organizations should prioritize patching to prevent potential privilege escalation attacks. This vulnerability affects Microsoft 365 Copilot for iOS and has a significant impact due to its high CVSS score.

Vendor
Microsoft
Product
Microsoft 365 Copilot for iOS
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Organizations using Microsoft 365 Copilot for iOS should prioritize patching this vulnerability to prevent potential privilege escalation attacks. Security teams and vulnerability management teams should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The vulnerability is caused by improper access control in Microsoft 365 Copilot for iOS. An unauthorized attacker can exploit this vulnerability to elevate privileges over a network. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. This technical summary is based on information from the CVE and NVD records.

Defensive priority

High priority should be given to patching this vulnerability, as it can allow an attacker to elevate privileges. Defenders should focus on verifying affected deployments, reviewing official advisories, and implementing compensating controls if necessary.

Recommended defensive actions

  • Apply the patch provided by Microsoft
  • Verify that Microsoft 365 Copilot for iOS is updated to version 2.111.4 or later
  • Monitor for suspicious activity
  • Implement compensating controls
  • Conduct regular vulnerability assessments

Evidence notes

The CVE record was published on 2026-07-14T18:18:44.260Z and was last modified on 2026-07-16T20:09:34.043Z. The NVD entry is currently Analyzed. Evidence is limited to CVE and NVD information. Defenders should verify affected Microsoft 365 Copilot for iOS deployments and review official advisories.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:44.260Z and has not been modified since then. The NVD entry is currently Analyzed.