- A one-click exploit called SearchLeak could exfiltrate emails, calendar details, and indexed files from Microsoft 365 Copilot Enterprise Search.
- The attack chained three bugs: a “Parameter-to-Prompt injection,” a race condition in response sanitization, and a CSP bypass using Bing’s image search.
- Microsoft mitigated the critical flaw, assigned CVE-2026-42824, on its backend; no customer action was required.
On June 15, 2026, security researchers at Varonis Threat Labs disclosed a critical vulnerability in Microsoft 365 Copilot Enterprise Search. A single click on a malicious Microsoft link could have let an attacker steal sensitive data. Dubbed SearchLeak, this flaw exploited AI-specific weaknesses alongside classic web bugs, according to the researchers.
The attack chain began with a Parameter-to-Prompt injection via the search URL. Consequently, Copilot would execute injected commands to pull data like email subjects. This data was then embedded into an image tag before security guardrails could activate.
Meanwhile, a race condition allowed the browser to render the malicious tag during streamed output. The browser’s Content Security Policy was bypassed by pointing the image to a Bing.com endpoint. Bing would then fetch the attacker’s URL, acting as an unwitting exfiltration proxy.
The potential impact was significant, as Copilot inherits the signed-in user’s access. An attacker could thus harvest one-time codes, MFA tokens, or password-reset links directly from the victim’s inbox. Furthermore, calendar invites, meeting notes, and indexed files from SharePoint or OneDrive were also at risk.
Microsoft assigned CVE-2026-42824 to the flaw, which the National Vulnerability Database also listed. This incident follows a similar pattern demonstrated earlier by Varonis against Copilot Personal. It also echoes the EchoLeak vulnerability (CVE-2025-32711) disclosed by Aim Security in 2025.
The company mitigated the issue on its backend, so customers needed no action. For defense, organizations were advised to monitor for suspicious Copilot search URLs and unusual requests to Bing. Tightening data-access governance for Copilot was also recommended to limit potential exposure.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
