CVE Tools
Back to feed
Dark Reading ·EN Restricted PoC publicMicrosoft 365 Copilot Enterprise Search

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

By Alexander Culafi··3 min read
CVE Tools coverage

Researchers describe a new Microsoft Copilot attack dubbed “SearchLeak” that can let an adversary exfiltrate user-accessible Microsoft 365 data, including emails, meeting notes, OneDrive files, and SharePoint documents, using a crafted Copilot Search link with no extra victim action. Varonis Threat Labs says the multi-stage issue relies on a lesser-known parameter-to-prompt Injection (P2P) pattern and can bypass protections by embedding attacker-controlled content in ways that trigger AI behavior before sanitization. Microsoft has patched the vulnerability as CVE-2026-42824, underscoring how prompt-injection weaknesses in LLM-based enterprise assistants can turn internal data access into an attacker-controlled output channel.