CVE-2026-26133: Information Disclosure in Microsoft 365 Copilot for Android
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
AI Analysis
Technical Summary
CVE-2026-26133 is an information disclosure vulnerability identified in Microsoft 365 Copilot for Android version 1.0. The issue stems from an AI command injection flaw, where an attacker can inject malicious commands into the AI assistant's processing pipeline. This injection enables the attacker to cause the application to disclose sensitive information over the network without requiring any privileges. The vulnerability requires user interaction, such as triggering the AI assistant, but no prior authentication or elevated permissions are needed. The CVSS 3.1 base score is 7.1, reflecting a network attack vector with low attack complexity and no privileges required, but user interaction is necessary. The impact on confidentiality is high, as sensitive data can be leaked, while integrity is only slightly affected and availability is not impacted. The vulnerability was reserved in February 2026 and published in March 2026, with no known exploits in the wild at the time of disclosure. The lack of available patches means organizations must rely on mitigation strategies until updates are released. The vulnerability highlights risks inherent in AI-driven command processing in mobile productivity applications, especially when commands can be manipulated to exfiltrate data.
Potential Impact
The primary impact of CVE-2026-26133 is the unauthorized disclosure of sensitive information from Microsoft 365 Copilot for Android devices. This can lead to exposure of confidential corporate data, personally identifiable information, or other sensitive content processed or accessible through the AI assistant. Organizations relying on M365 Copilot on Android may face data breaches, regulatory compliance issues, and reputational damage. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to trigger exploitation. With only a low integrity impact and no availability impact, the threat is focused on confidentiality breaches rather than system disruption or data manipulation. Given the widespread use of Microsoft 365 and Android devices globally, the scope of affected systems is significant, particularly in enterprises adopting AI-powered productivity tools. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.
Mitigation Recommendations
Until an official patch is released, organizations should implement several targeted mitigations:
1) Educate users about the risks of interacting with unsolicited or suspicious AI commands and reinforce awareness of social engineering tactics that could trigger the vulnerability.
2) Restrict or monitor network traffic from Android devices running Microsoft 365 Copilot to detect anomalous data exfiltration patterns, using advanced network detection tools capable of identifying unusual outbound connections or data flows.
3) Employ mobile device management (MDM) solutions to control app permissions and limit the exposure of sensitive data accessible to M365 Copilot.
4) Temporarily disable or restrict the use of Microsoft 365 Copilot on Android devices in high-risk environments until patches are available.
5) Monitor official Microsoft security advisories closely for patch releases and apply updates promptly.
6) Implement endpoint detection and response (EDR) solutions to identify suspicious behaviors related to AI command injection attempts.
These steps go beyond generic advice by focusing on user behavior, network monitoring, and device control specific to the nature of this AI-driven vulnerability.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil, Mexico
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2026-02-11T16:24:51.133Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b481d42f860ef943b5ebb6
Added to database: 3/13/2026, 9:29:56 PM
Last enriched: 3/13/2026, 9:44:57 PM
Last updated: 3/15/2026, 8:58:19 PM