A vulnerability was found in Microsoft Copilot Chat . It has been classified as critical . This vulnerability affects unknown code of the component Downstream . Performing a manipulation results in injection. This vulnerability is known as CVE-2026-47644 . Remote exploitation of the attack is possible. No exploit is available. This product is a managed service, indicating that users are not permitted to maintain vulnerability countermeasures themselves.