Critical Microsoft 365 Copilot Vulnerability Exposed Sensitive Data via SearchLeak Attack
A recently patched critical vulnerability in Microsoft 365 Copilot Enterprise, dubbed SearchLeak (CVE-2026-42824), allowed attackers to exfiltrate sensitive data including emails, passwords, calendar events, and SharePoint documents through a malicious URL. The flaw, rated critical by Microsoft, was addressed earlier this month.
Researchers at Varonis discovered the attack chain, which combined three distinct vulnerabilities:
- Parameter-to-prompt (P2P) injection – Exploited Copilot’s URL parameter (
q) to force searches of a victim’s mailbox or OneDrive. - HTML rendering race condition – Temporarily rendered attacker-controlled HTML before sanitization, enabling outbound requests via
<img>tags. - Bing SSRF bypass – Leveraged Bing’s "Search by Image" feature to bypass content security policies (CSP), using Bing as an unwitting proxy to exfiltrate data.
The attack required no user interaction beyond clicking a crafted link. Copilot would execute the search, embed stolen data in an image URL, and transmit it to the attacker’s server via Bing all without the victim’s knowledge. From the user’s perspective, Copilot appeared to be processing a routine query.
Varonis emphasized that older vulnerabilities like SSRF and HTML injection become far more dangerous when combined with AI-driven prompt manipulation, creating new attack surfaces in enterprise systems. The fix eliminates the threat, requiring no further action from users.
Microsoft cybersecurity rating report: https://www.rankiteo.com/company/microsoft
"id": "MIC1781541072",
"linkid": "microsoft",
"type": "Vulnerability",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Technology/Cloud Services',
'name': 'Microsoft 365 Copilot Enterprise',
'type': 'Software/Service'}],
'attack_vector': 'Malicious URL (Phishing/Clickjacking)',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Emails',
'Passwords',
'Calendar events',
'SharePoint documents']},
'description': 'A recently patched critical vulnerability in Microsoft 365 '
'Copilot Enterprise, dubbed SearchLeak (CVE-2026-42824), '
'allowed attackers to exfiltrate sensitive data including '
'emails, passwords, calendar events, and SharePoint documents '
'through a malicious URL. The flaw was addressed earlier this '
'month by Microsoft.',
'impact': {'data_compromised': 'Emails, passwords, calendar events, '
'SharePoint documents',
'identity_theft_risk': 'High',
'systems_affected': 'Microsoft 365 Copilot Enterprise'},
'investigation_status': 'Resolved (Patched)',
'lessons_learned': 'Older vulnerabilities like SSRF and HTML injection become '
'far more dangerous when combined with AI-driven prompt '
'manipulation, creating new attack surfaces in enterprise '
'systems.',
'post_incident_analysis': {'corrective_actions': 'Patch for CVE-2026-42824',
'root_causes': ['Parameter-to-prompt (P2P) '
'injection',
'HTML rendering race condition',
'Bing SSRF bypass']},
'references': [{'source': 'Varonis'}],
'response': {'containment_measures': 'Patch released by Microsoft',
'remediation_measures': 'Fix for CVE-2026-42824',
'third_party_assistance': 'Varonis (Researchers)'},
'title': 'Critical Microsoft 365 Copilot Vulnerability Exposed Sensitive Data '
'via SearchLeak Attack',
'type': 'Data Exfiltration',
'vulnerability_exploited': ['Parameter-to-prompt (P2P) injection',
'HTML rendering race condition',
'Bing SSRF bypass']}