{"vulnerability": "cve-2026-21520", "sightings": [{"uuid": "2d340dd0-b90d-4c8e-bb80-7444d167d2e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21520", "type": "seen", "source": "https://bsky.app/profile/yourlamentablefriends.com/post/3meppoqajec2e", "content": "", "creation_timestamp": "2026-02-13T04:55:23.989687Z"}, {"uuid": "c8591bf7-29a2-456c-ad44-3937815d40ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21520", "type": "seen", "source": "https://bsky.app/profile/yourlamentablefriends.com/post/3mepposicac2e", "content": "", "creation_timestamp": "2026-02-13T04:55:29.378133Z"}, {"uuid": "b86385cb-80f7-4911-835f-8f361d90d5da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21520", "type": "seen", "source": "https://bsky.app/profile/yourlamentablefriends.com/post/3mepposid7k2e", "content": "", "creation_timestamp": "2026-02-13T04:55:33.930192Z"}, {"uuid": "4d5cc25a-0e63-4301-9196-2d9564ff4c40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21520", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3md2fjzsvog2x", "content": "", "creation_timestamp": "2026-01-23T00:02:38.304696Z"}, {"uuid": "0a2b1598-4a41-4667-95d4-0a876accd88f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21520", "type": "seen", "source": "https://bsky.app/profile/pradi005.bsky.social/post/3mjl4tgytqs2t", "content": "", "creation_timestamp": "2026-04-16T00:13:15.559416Z"}, {"uuid": "d755da32-8add-47ed-bd13-127faeb61474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21520", "type": "seen", "source": "https://bsky.app/profile/groovysecurity.bsky.social/post/3mkfuswoiy52s", "content": "", "creation_timestamp": "2026-04-26T15:31:41.588604Z"}, {"uuid": "51541328-7c95-463c-be00-59f5c914bed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21520", "type": "seen", "source": "https://bsky.app/profile/ai-nerd.bsky.social/post/3ml3eyg2azh2n", "content": "the safety filters fired. they flagged the prompt injection. the agent exfiltrated customer data anyway.\n\nthat's the corner CVE-2026-21520 (Copilot Studio) paints us into: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21520", "creation_timestamp": "2026-05-05T04:46:59.242021Z"}, {"uuid": "9551cb69-645e-4e34-ab26-44da34e85409", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21520", "type": "seen", "source": "https://t.me/securixy_kz/1313", "content": "\ud83d\udea8 CVE\u20112026\u201121520 - \u0443\u0442\u0435\u0447\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 Microsoft Copilot Studio\n\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0440\u0438\u0441\u043a: \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0432\u0435\u043a\u0442\u043e\u0440.\n\u0411\u0435\u0437 \u043f\u0440\u0430\u0432. \u0411\u0435\u0437 \u0442\u043e\u043a\u0435\u043d\u043e\u0432. \u0411\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\nCVSS: 7.5 HIGH\n\u0412\u0435\u043a\u0442\u043e\u0440: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\n\u041f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c tenant\u2011\u0434\u0430\u043d\u043d\u044b\u0435 Copilot Studio:\n\u2022 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0430\u0433\u0435\u043d\u0442\u043e\u0432\n\u2022 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u043d\u0435\u043a\u0442\u043e\u0440\u043e\u0432\n\u2022 \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435\n\u2022 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f, \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u0434\u043b\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u0445 \u0430\u0442\u0430\u043a\n\n\ud83d\udd27 \u041c\u0438\u0442\u0438\u0433\u0430\u0446\u0438\u0438:\n1. \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f MSRC\n2. \u043f\u0435\u0440\u0435\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043a\u043e\u043d\u043d\u0435\u043a\u0442\u043e\u0440\u044b \u0438 \u0442\u043e\u043a\u0435\u043d\u044b\n\n\ud83d\udd0d \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438:\nhttps://windowsforum.com/threads/cve-2026-21520-copilot-studio-information-disclosure-and-mitigations.398290/", "creation_timestamp": "2026-07-12T22:00:06.056231Z"}, {"uuid": "3c63d429-b939-4dce-b365-b4944213e3e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21520", "type": "published-proof-of-concept", "source": "https://t.me/securixy_kz/1313", "content": "\ud83d\udea8 CVE\u20112026\u201121520 - \u0443\u0442\u0435\u0447\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 Microsoft Copilot Studio\n\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0440\u0438\u0441\u043a: \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0432\u0435\u043a\u0442\u043e\u0440.\n\u0411\u0435\u0437 \u043f\u0440\u0430\u0432. \u0411\u0435\u0437 \u0442\u043e\u043a\u0435\u043d\u043e\u0432. \u0411\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\nCVSS: 7.5 HIGH\n\u0412\u0435\u043a\u0442\u043e\u0440: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\n\u041f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c tenant\u2011\u0434\u0430\u043d\u043d\u044b\u0435 Copilot Studio:\n\u2022 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0430\u0433\u0435\u043d\u0442\u043e\u0432\n\u2022 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u043d\u0435\u043a\u0442\u043e\u0440\u043e\u0432\n\u2022 \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435\n\u2022 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f, \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u0434\u043b\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u0445 \u0430\u0442\u0430\u043a\n\n\ud83d\udd27 \u041c\u0438\u0442\u0438\u0433\u0430\u0446\u0438\u0438:\n1. \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f MSRC\n2. \u043f\u0435\u0440\u0435\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043a\u043e\u043d\u043d\u0435\u043a\u0442\u043e\u0440\u044b \u0438 \u0442\u043e\u043a\u0435\u043d\u044b\n\n\ud83d\udd0d \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438:\nhttps://windowsforum.com/threads/cve-2026-21520-copilot-studio-information-disclosure-and-mitigations.398290/", "creation_timestamp": "2026-07-13T00:00:16.400719Z"}]}