
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

thehackernews.com · 2026-06-15 · data leakage · Critical

What Happened

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were

Why It Matters

The report describes SearchLeak, a three-bug chain in Microsoft 365 Copilot Enterprise that could let an attacker exfiltrate emails, calendar details, MFA codes, and indexed files through a single crafted Microsoft link. Varonis and other coverage say Microsoft remediated the issue as a critical vulnerability and assigned CVE-2026-42824, and that the attack relied on parameter-to-prompt injection, an HTML rendering race condition, and an SSRF-based CSP bypass. CyberSE.AI analysis: this is primarily a data leakage risk because the core impact is unauthorized disclosure of connected enterprise content, so organizations should review AI search trust boundaries, output sanitization, and allowlisted fetch paths in Copilot-style integrations.

Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to data leakage. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
