Impact
An improper neutralization of special elements used as part of a command in Copilot Chat enables an unauthorized attacker to cause the application to disclose information over a network. The weakness, classified as CWE‑77, does not guarantee arbitrary command execution, but it can lead to leakage of sensitive data handled by the application.
Affected Systems
Microsoft Copilot Chat, a feature of Microsoft Edge. No specific product version is listed in the advisory, so any installation containing the Copilot Chat component of Microsoft Edge may be affected.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity impact. The EPSS score of 1% suggests a low probability of widespread exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote; an attacker would need to interact with the Copilot Chat interface or supply crafted input that triggers the command‑injection mechanism to have the application transmit disclosed information over a network.
OpenCVE Enrichment