A critical server-side vulnerability in Microsoft Copilot Studio grants illegal access to internal infrastructure

A critical vulnerability has been discovered in Microsoft’s Copilot Studio that poses significant risks to sensitive internal data. This flaw, identified as a Server-Side Request Forgery (SSRF), allows unauthorized access to internal infrastructure, potentially impacting multiple tenants.

The flaw identified by Tenable's research team is attributed to improper handling of redirect status codes in user-configurable actions, allowing attackers to manipulate HTTP requests.

scroll to top