“The command pgrep is executing without a full path, which means the script will search all directories in the $PATH variable for the existence of pgrep.”
Eye Security found that Microsoft Copilot Enterprise shipped a live Python sandbox with a startup script that called pgrep without an absolute path every two seconds. Drop a malicious pgrep earlier in $PATH and you get root. This is the kind of basic PATH injection that should get caught in any security review, but somehow made it into a flagship enterprise AI product. Microsoft classified it as moderate severity, which tracks with their general approach of treating security bugs in their own products as minor inconveniences.
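As an added illustration (not Eye Security's code and not the Copilot startup script, which is not reproduced here), the POSIX sh snippet below shows the resolution behaviour the quoted sentence describes, the pinned-PATH form that removes it, and a grep-based audit for bare invocations; the sample script content is constructed.

```shell
#!/bin/sh
# Added example, not from Eye Security's write-up or Microsoft's script.
# Demonstrates PATH-order resolution of a bare "pgrep", a pinned-PATH
# lookup, and an audit for bare invocations. Sample script is constructed.
set -eu

# Resolve a bare command name ($2) under a given PATH ($1), or print not-found.
resolve_with_path() {
    PATH="$1" command -v "$2" 2>/dev/null || echo "not-found"
}

# The bug class: a writable directory earlier in PATH shadows the system
# binary for every bare invocation. Prints SHADOWED or SYSTEM.
shadow_check() {
    tmp=$(mktemp -d)
    # Harmless constructed stand-in: a file named pgrep that only prints a marker.
    printf '#!/bin/sh\necho marker\n' > "$tmp/pgrep"
    chmod +x "$tmp/pgrep"
    case "$1" in
        vulnerable) p="$tmp:/usr/bin:/bin" ;;   # writable dir searched first
        pinned)     p="/usr/bin:/bin" ;;        # PATH reset to system dirs
    esac
    resolved=$(resolve_with_path "$p" pgrep)
    rm -rf "$tmp"
    [ "$resolved" = "$tmp/pgrep" ] && echo SHADOWED || echo SYSTEM
}

# Audit: count lines in script $1 that call $2 by bare name (no leading
# slash), the pattern the quote flags. An absolute path such as
# /usr/bin/pgrep is preceded by "/" and therefore not counted.
count_bare_invocations() {
    grep -cE "(^|[[:space:];|&(])$2([[:space:]]|$)" "$1" || true
}

# Constructed sample resembling a periodic health-check loop; prints its path.
write_sample_script() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
#!/bin/sh
while true; do
    if ! pgrep -f keepalive >/dev/null; then echo restart; fi
    /usr/bin/pgrep -f keepalive >/dev/null
    sleep 2
done
EOF
    echo "$f"
}
```

Running `shadow_check vulnerable` versus `shadow_check pinned` shows the same writable directory winning the lookup in one layout and being ignored in the other.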