CVE Tools
Back to feed
The Hacker News ·EN News source PoC publicMicrosoft 365 Copilot Enterprise Search

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

By The Hacker News··3 min read
CVE Tools coverage

Researchers at Varonis Threat Labs describe a chained vulnerability in Microsoft 365 Copilot Enterprise Search that could let attackers steal emails, calendar information, and indexed files after a user clicks a seemingly legitimate microsoft.com link. The issue is tracked as CVE-2026-42824 and matters because it can also expose time-sensitive authentication material such as one-time codes and MFA codes, potentially enabling account takeover. Microsoft has issued a critical mitigation on its backend, but tenant admins still need to monitor for suspicious Copilot Search URLs and related outbound requests.