A vulnerability, which was classified as critical , has been found in Microsoft 365 Copilot . The impacted element is an unknown function. Performing a manipulation results in command injection. This vulnerability is cataloged as CVE-2026-42824 . It is possible to initiate the attack remotely. There is no exploit available. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.