PatchSiren cyber security CVE debrief
CVE-2026-58617 Microsoft CVE debrief
CVE-2026-58617 is a HIGH severity vulnerability in Microsoft 365 Copilot for iOS, with a CVSS score of 8.1. The vulnerability is due to improper access control, allowing an unauthorized attacker to elevate privileges over a network. Organizations should prioritize patching to prevent potential privilege escalation attacks. This vulnerability affects Microsoft 365 Copilot for iOS and has a significant impact due to its high CVSS score.
- Vendor
- Microsoft
- Product
- Microsoft 365 Copilot for iOS
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
Organizations using Microsoft 365 Copilot for iOS should prioritize patching this vulnerability to prevent potential privilege escalation attacks. Security teams and vulnerability management teams should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability is caused by improper access control in Microsoft 365 Copilot for iOS. An unauthorized attacker can exploit this vulnerability to elevate privileges over a network. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. This technical summary is based on information from the CVE and NVD records.
Defensive priority
High priority should be given to patching this vulnerability, as it can allow an attacker to elevate privileges. Defenders should focus on verifying affected deployments, reviewing official advisories, and implementing compensating controls if necessary.
Recommended defensive actions
- Apply the patch provided by Microsoft
- Verify that Microsoft 365 Copilot for iOS is updated to version 2.111.4 or later
- Monitor for suspicious activity
- Implement compensating controls
- Conduct regular vulnerability assessments
Evidence notes
The CVE record was published on 2026-07-14T18:18:44.260Z and was last modified on 2026-07-16T20:09:34.043Z. The NVD entry is currently Analyzed. Evidence is limited to CVE and NVD information. Defenders should verify affected Microsoft 365 Copilot for iOS deployments and review official advisories.
Official resources
-
CVE-2026-58617 CVE record
CVE.org
-
CVE-2026-58617 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:44.260Z and has not been modified since then. The NVD entry is currently Analyzed.