CVE-2026-58617 - M365 Copilot for iOS Elevation of Privilege Vulnerability - is an improper access control issue that can lead to elevation of privilege in M365 Copilot for iOS. Microsoft rates it CVSS v3.1 base 8.1 (High) with a temporal score of 7.1. The vector is network-based, with low attack complexity, no privileges required, and user interaction required. Microsoft lists the issue as not publicly disclosed and not exploited, with exploit code maturity unproven. This is a high-severity issue, but the required user interaction means it is not a no-click network compromise. Highlights: - CVSS scores: Base 8.1 - Temporal 7.1 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality impact HIGH, integrity impact HIGH, availability impact NONE. - Exploitation likelihood: Exploitation Less Likely; network vector and low attack complexity increase exposure, but user interaction is required. - Severity for enterprise: High severity from a technical standpoint, with meaningful enterprise risk where M365 Copilot for iOS is used and users can be induced to interact with content, but lower than a network service exploitable without user action. - Patch status: available Affected systems: - No affected products listed