CVE-2026-21520 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-21520 PUBLISHED CVSS 7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector

EPSS 0.09% · 25.0th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C/CR:H/IR:L/AR:L

EPSS Score

0.09%

25.0th percentile

Affected Products

Vendor	Product	Versions
microsoft	copilot_studio	-
Microsoft	Microsoft Copilot Studio	-

Timeline

Jan 13, 2026 CVE Published
Jan 23, 2026 EPSS Score
Jan 23, 2026 PoC Published
Jan 25, 2026 EPSS Score
Jan 27, 2026 EPSS Score
Jan 29, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 3, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 7, 2026 EPSS Score
Feb 9, 2026 EPSS Score
Feb 11, 2026 EPSS Score

References

Copilot Studio Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-21520 advisory

Open in Interactive Console →