Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.Referenceshttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47644
