CVE-2026-33102

CRITICAL CVSS 9.3 View on NVD ↗

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Published: Apr 23, 2026 22:16 UTC Modified: Apr 24, 2026 14:41 UTC