Technology Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.April 16, 20260 Microsoft assigned CVE-2026-21520, a CVSS 7.5 oblique immediate injection vulnerability, to Copilot Studio. Capsule Safety found the flaw, coordinated disclosure…
