CVE-2026-21521 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-21521 PUBLISHED CVSS 7.400000095367432 HIGH

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

EPSS 0.06% · 19.9th percentile

Risk Scores

CVSS v3.1

7.400000095367432

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

EPSS Score

0.06%

19.9th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft 365 Word Copilot	-
microsoft	365_word_copilot	-

Timeline

Jan 13, 2026 CVE Published
Jan 23, 2026 EPSS Score
Jan 25, 2026 EPSS Score
Jan 27, 2026 EPSS Score
Jan 29, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 3, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 7, 2026 EPSS Score
Feb 9, 2026 EPSS Score
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score

References

Word Copilot Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-21521 advisory

Open in Interactive Console →