In summary: A single click on a manipulated Microsoft link was sufficient to exfiltrate sensitive data such as one-time passwords and corporate files through parameter-to-prompt injection.
Varonis Threat Labs identified a critical vulnerability in Microsoft 365 Copilot Enterprise Search (CVE-2026-42824) through which attackers could steal emails, MFA codes, and files using a crafted link. Microsoft has since patched the flaw on its backend servers.
Attack vector and technical exploitation: The vulnerability, designated SearchLeak, combined three distinct errors: attackers exploited the q-parameter in the Copilot search URL, which is intended for natural language queries. However, the system processed the embedded data as direct instructions to the chatbot (parameter-to-prompt injection). Because the attack occurred via the legitimate microsoft.com domain, the crafted links bypassed conventional anti-phishing and URL filtering tools.
Mechanism of data extraction: After clicking the crafted link, Copilot automatically searched the logged-in user’s mailbox for content and attempted to embed it in an image URL. A timing flaw in the system (race condition) allowed the browser to render the image element during data transmission before Microsoft’s security barriers could block the code. The attack script used Bing’s image search function as a proxy to circumvent the Content Security Policy and redirect stolen data to the attacker’s server, where it was readable in server logs.
Affected data: Attackers obtained the same permissions as the logged-in user through the Microsoft Graph system. This enabled access to time-critical data such as one-time passwords (OTP), multi-factor authentication codes, and password reset links, which are often valid for only a few minutes. Additionally, calendar invitations, meeting notes, and corporate data stored in SharePoint and OneDrive such as salary tables or acquisition plans could be read.
Risk assessment and remediation: Microsoft rates the vulnerability with a CVSS score of 6.5, the National Vulnerability Database with 7.5. Varonis demonstrated the vulnerability as part of a proof of concept; active exploitation was not observed. Since Microsoft 365 Copilot is a fully managed cloud service, Microsoft patched the flaw directly on its backend servers. System administrators do not need to manually apply updates.
Source: www.it-daily.net · Published 16 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.