[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-41090":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-23T17:12:43.660Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":52,"aliases":53,"duplicate_of":9,"upstream":54,"downstream":55,"duplicates":56,"related":57,"reserved_at":9,"published_at":58,"modified_at":58,"state":59,"summary":60,"references_raw":69,"kevs":76,"epss":77,"epss_history":80,"metrics":82,"affected":88},"CVE-2026-41090","Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","weakness","Draft","Class","High",[20,24,28,32,36,40,44,48],{"id":21,"name":22,"techniques":23},"CAPEC-136","LDAP Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-183","IMAP/SMTP Command Injection",[],{"id":33,"name":34,"techniques":35},"CAPEC-248","Command Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-40","Manipulating Writeable Terminal Devices",[],{"id":41,"name":42,"techniques":43},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":45,"name":46,"techniques":47},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":49,"name":50,"techniques":51},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[],[],[],[],[],"2026-05-22T22:03:09.052Z","PUBLISHED",{"cisa_kev":61,"cisa_ransomware":61,"cisa_vendor":9,"epss_severity":62,"epss_score":63,"severity":64,"severity_score":65,"severity_version":66,"severity_source":67,"severity_vector":68,"severity_status":59},false,"low",0.00048,"critical",9.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",[70],{"url":71,"sources":72,"tags":73},"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41090",[67],[74,75],"Vendor Advisory","Patch",[],{"date":78,"score":63,"percentile":79},"2026-05-23",0.14924,[81],{"date":78,"score":63,"percentile":79},[83],{"source":67,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":84,"cvss_v4_0":9},{"baseScore":65,"baseSeverity":85,"vectorString":68,"impactScore":86,"exploitabilityScore":87},"CRITICAL",9.7,7.2,[89],{"ecosystem":9,"name":90,"vendor":91,"product":92,"cpe_part":93,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":94},"Microsoft 365 Copilot for iOS","microsoft","microsoft 365 copilot for ios","a",[95],{"version":96,"is_range":61,"range_type":67,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"-"]