Kaspersky ID:
KLA91149
Detect Date:
07/14/2026
Updated:
07/15/2026

Description

Multiple vulnerabilities were found in Microsoft Copilot Plugin. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in GitHub Copilot can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Game: Age of Empires II: Definitive Edition can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Minecraft Bedrock Dedicated Server can be exploited remotely to execute arbitrary code.
  4. A tampering vulnerability in Outlook Copilot can be exploited remotely to spoof user interface.

Original advisories

Exploitation

CVE list

  • CVE-2026-50663
    critical
  • CVE-2026-50510
    critical
  • CVE-2026-55010
    unknown
  • CVE-2026-55145
    unknown

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Do you want to save your changes?
Your message has been sent successfully.