Critical Flaw in Microsoft 365 Copilot Exposed Sensitive Data

A significant security vulnerability in Microsoft 365 Copilot, dubbed ‘SearchLeak,’ was recently identified by Varonis Threat Labs. This flaw allowed attackers to extract sensitive user data—including emails, calendar information, and indexed files—through a single click on a seemingly legitimate Microsoft link.

The exploit combined three distinct issues. First, the ‘q’ parameter in the Copilot Enterprise Search URL, intended for natural-language queries, could be manipulated to execute unintended commands. Second, a race condition in the response rendering process enabled the execution of malicious code before security measures could neutralize it. Lastly, the Content Security Policy (CSP) permitted images from ‘*.bing.com,’ which attackers exploited to exfiltrate data via Bing’s infrastructure.

By crafting a malicious URL, an attacker could prompt Copilot to search a user’s mailbox, extract specific email content, and embed it within an image URL. When the victim clicked the link, Copilot executed these commands without further user interaction, sending the extracted data to the attacker’s server through Bing’s image search feature.
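The third issue above is a Content Security Policy whose `img-src` allow-list includes a wildcard host, which turns every image load into a potential exfiltration channel. The following is an added audit helper (not Microsoft's or Varonis's code) that parses a CSP header, resolves the effective image sources (`img-src`, falling back to `default-src`), and flags wildcard or scheme-only entries such as the `*.bing.com` allowance; the sample policies are constructed.

```python
"""Flag CSP image sources that could serve as an exfiltration channel.

Constructed example: a wildcard such as *.bing.com in img-src lets a page
load images from any host under that domain, so data placed in an image URL
leaves the origin without any script-src violation. The helper is an audit
heuristic, not a proof that a narrower policy is safe.
"""
import re
from typing import Dict, List

# Source expressions that place no meaningful bound on the image host.
WILDCARD_SOURCES = {"*", "http:", "https:", "data:", "blob:"}
WILDCARD_HOST = re.compile(r"^(https?://)?\*\.")  # e.g. *.bing.com, https://*.example.com


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for chunk in header.split(";"):
        parts = chunk.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def effective_img_sources(policy: Dict[str, List[str]]) -> List[str]:
    """img-src is a fetch directive: absent, it inherits default-src;
    absent both, CSP imposes no restriction on images at all ("*")."""
    if "img-src" in policy:
        return policy["img-src"]
    return policy.get("default-src", ["*"])


def risky_img_sources(header: str) -> List[str]:
    """Return the image sources that allow loads from attacker-influenced hosts."""
    risky = []
    for src in effective_img_sources(parse_csp(header)):
        lowered = src.lower()
        if lowered in WILDCARD_SOURCES or WILDCARD_HOST.match(lowered):
            risky.append(src)
    return risky


if __name__ == "__main__":
    weak = "default-src 'self'; img-src 'self' *.bing.com"          # constructed
    hardened = "default-src 'self'; img-src 'self' https://cdn.example.com"  # constructed
    print("weak   :", risky_img_sources(weak))       # ['*.bing.com']
    print("hardened:", risky_img_sources(hardened))  # []
```

An empty result only means no wildcard entry is present; each remaining host still has to be reviewed for endpoints that log or forward URL parameters.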

Microsoft assigned this vulnerability the identifier CVE-2026-42824 and classified it as critical. The company has since mitigated the issue on its backend, ensuring that customers are no longer at risk. Notably, there have been no reports of this exploit being used in the wild; the findings were based on a proof-of-concept by Varonis.

This incident underscores the evolving nature of security threats in AI-driven platforms. As AI systems like Microsoft 365 Copilot become more integrated into enterprise environments, they present new attack vectors that traditional security measures may not fully address. Organizations must remain vigilant, continuously updating their security protocols to account for these emerging threats.