Executive Summary
A critical open redirect vulnerability in Microsoft 365 Copilot allows an unauthenticated network attacker to perform privilege escalation by manipulating URL redirections within the service. Assigned CVE-2026-41106 and rated CVSS 9.3 Critical, the flaw was reported to Microsoft and addressed through a security update.
Vulnerability Details
| Field | Details |
|---|---|
| CVE | CVE-2026-41106 |
| CVSS | 9.3 (Critical) |
| Type | URL Redirection to Untrusted Site (CWE-601) |
| Component | Microsoft 365 Copilot |
| Authentication | None required |
| Privileges Required | None |
| User Interaction | Required (victim follows crafted link) |
| Impact | Privilege Escalation |
Technical Analysis
Open redirect vulnerabilities occur when a web application accepts a user-controlled input as a URL to redirect to after authentication or other user actions, without validating that the target URL belongs to a trusted domain.
In the case of CVE-2026-41106, Microsoft 365 Copilot's redirect handling allows an attacker to craft a specially formed URL that redirects a victim through the trusted M365 Copilot domain to an attacker-controlled site. Because the initial URL appears to originate from a legitimate Microsoft 365 Copilot endpoint, users and security controls are less likely to flag or block it.
Privilege Escalation Vector
The critical severity of this open redirect stems from its ability to facilitate privilege escalation over a network. Likely attack chains include:
-
OAuth token theft: The crafted redirect intercepts OAuth authorization codes or access tokens passed as URL parameters during authentication flows. An attacker redirecting users through a Copilot URL to their own server can capture these tokens and use them to authenticate as the victim.
-
Phishing with implied legitimacy: A redirect through
*.microsoft.comor*.copilot.microsoft.comdomains bypasses many email security controls that filter or block external URLs. This allows highly convincing phishing lures. -
Session hijacking via token leakage: If Copilot passes session or authorization parameters in the redirect URL, these can be captured by the attacker's landing server via the HTTP
Refererheader.
Impact
- Privilege escalation: Attacker can obtain tokens scoped to elevated permissions within the Microsoft 365 environment.
- Account compromise: Captured OAuth tokens grant access to Microsoft 365 resources including email, documents, Teams, and Copilot data.
- Zero-user-trust phishing: Lures using legitimate Microsoft domains bypass organizational email security filters and web proxies.
- Enterprise-wide blast radius: M365 Copilot is deployed across enterprise environments with broad access to organizational data.
Affected Products
| Product | Status |
|---|---|
| Microsoft 365 Copilot | Patched — apply latest Microsoft security updates |
Microsoft addresses M365 service-side vulnerabilities through server-side updates. No end-user action is typically required beyond ensuring your tenant is receiving updates.
Remediation
For Organizations
- Verify your tenant is on the latest Microsoft 365 service updates — Microsoft typically patches service-side flaws without requiring end-user installation.
- Enable Conditional Access policies — Require compliant devices and MFA for all M365 Copilot access.
- Monitor OAuth token usage — Audit sign-in logs (Azure AD / Entra ID) for tokens issued to unexpected applications or redirect URIs.
- Educate users on phishing — Even URLs that appear to originate from
*.microsoft.comcan be weaponized via open redirects.
Detection
Monitor Azure Entra ID sign-in logs for:
- OAuth authorization codes redirected to non-Microsoft reply URLs.
- Sign-ins from unexpected geographic locations immediately following Copilot interactions.
- Tokens with unusually broad scope claims that were not explicitly granted.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Confidentiality / Integrity / Availability: High
Open redirect vulnerabilities are frequently dismissed as low severity, but CVE-2026-41106 demonstrates the real-world danger when they exist in high-trust OAuth flows within widely deployed enterprise platforms. The combination of zero required privileges, a trusted Microsoft domain, and OAuth token exposure elevates this to critical.