Common Vulnerabilities and Exposures (CVE)

CVE-2026-21521

Feb 13, 2026 20:41:06 UTC

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-21227

Feb 13, 2026 20:41:06 UTC

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-24307

Feb 13, 2026 20:41:05 UTC

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-24305

Feb 13, 2026 20:41:04 UTC

Azure Entra ID Elevation of Privilege Vulnerability

CVE-2026-21524

Feb 13, 2026 20:41:04 UTC

Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.

CVE-2026-24306

Feb 13, 2026 20:41:03 UTC

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-24304

Feb 13, 2026 20:41:03 UTC

Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.

CVE-2026-21520

Feb 13, 2026 20:41:02 UTC

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector.

CVE-2026-21223

Feb 13, 2026 20:41:02 UTC

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdEl...

CVE-2026-21226

Feb 13, 2026 20:41:01 UTC

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

CVE-2026-20941

Feb 13, 2026 20:41:00 UTC

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CVE-2026-20958

Feb 13, 2026 20:41:00 UTC

Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

CVE-2026-20957

Feb 13, 2026 20:40:59 UTC

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20952

Feb 13, 2026 20:40:58 UTC

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20950

Feb 13, 2026 20:40:58 UTC

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.