CVE Tools
Back to feed
BleepingComputer ·EN-US News source PoC publicMicrosoft 365 Copilot Enterprise Search

New attack turned Microsoft 365 Copilot into 1-click data theft tool

By Bill Toulas··3 min read
CVE Tools coverage

A newly detailed attack chain, dubbed SearchLeak, shows how Microsoft 365 Copilot Enterprise can be turned into a one-click data theft mechanism using a specially crafted URL. The technique targets sensitive content from a victim’s mailbox, OneDrive, or SharePoint by abusing Microsoft 365 Copilot Search, ultimately exfiltrating data via browser-driven and Bing-facilitated requests. Microsoft addressed the issue with fixes for CVE-2026-42824, rated critical, which is important because exploiting the weaknesses does not require additional user actions beyond clicking the link.