Chained Weaknesses Enabled Silent Data Theft
Researchers at Varonis Threat Labs uncovered a critical vulnerability chain in Microsoft 365 Copilot Enterprise Search that allowed attackers to extract emails, calendar items, and files with a single click. The exploit, named SearchLeak and tracked as CVE-2026-42824, combined three separate flaws into an automated data theft pipeline. Because the malicious link pointed to a legitimate microsoft.com domain, conventional security tools were unlikely to flag it. The attack required no manual input from the victim beyond clicking the URL.
How the Attack Worked
The first flaw involved parameter to prompt injection. The Copilot Search URL parameter meant for natural language queries could be manipulated to issue commands. An attacker could craft a link instructing Copilot to search a mailbox and embed an email title into an image URL. The second flaw exploited a race condition in how Copilot streams responses. The browser rendered injected HTML tags like img before Microsoft’s sanitization code could neutralize them. The third flaw leveraged Bing’s Search by Image feature, which is allowlisted in the Content Security Policy. Bing fetched the attacker’s URL on behalf of the browser, acting as an unwitting proxy for data exfiltration. The attacker could then read stolen data from their server logs.
Mitigation and Recommended Precautions
Microsoft patched the vulnerability server side in early June, meaning no customer action is required. However, the attack demonstrates how classic web flaws like server side request forgery and race conditions become dangerous when combined with AI prompt injection. Organizations using Copilot Enterprise should monitor for unusual search URLs containing encoded payloads and review outbound traffic to Bing image endpoints. Limiting the data Copilot can access through stricter governance also reduces potential exposure from future vulnerabilities.
Source: https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
