A vulnerability, which was classified as critical , has been found in Microsoft Copilot . Affected by this vulnerability is an unknown functionality. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2026-42895 . The attack can only be initiated within the local network. No exploit exists.