The Hacker News ·EN News source PoC publicMicrosoft 365 Copilot Enterprise Search
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
CVE Tools coverage
Researchers at Varonis Threat Labs describe a chained vulnerability in Microsoft 365 Copilot Enterprise Search that could let attackers steal emails, calendar information, and indexed files after a user clicks a seemingly legitimate microsoft.com link. The issue is tracked as CVE-2026-42824 and matters because it can also expose time-sensitive authentication material such as one-time codes and MFA codes, potentially enabling account takeover. Microsoft has issued a critical mitigation on its backend, but tenant admins still need to monitor for suspicious Copilot Search URLs and related outbound requests.