Primary

Context

Microsoft Outlook for iOS Command Injection Tampering Vulnerability

Vulnerability

A command injection vulnerability has been identified in Microsoft Outlook for iOS, specifically in the M365 Copilot feature. This vulnerability allows unauthorized attackers to manipulate data over a network. The issue arises from improper handling of special elements in commands, enabling potential tampering.

Impact

Exploitation of this vulnerability could lead to unauthorized tampering with data transmitted over the network.

Remediation

Users can download the security update for Microsoft Outlook for iOS from the Apple App Store.

Added: May 12, 2026, 7:02 PM

Updated: May 12, 2026, 7:02 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.4

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.4

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Outlook for iOS Command Injection Tampering Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft M365 Copilot

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating