Researchers at Varonis Threat Labs have discovered and demonstrated a one-click data exfiltration vulnerability, dubbed "SearchLeak," in Microsoft 365 Copilot (Enterprise Search). A single click on a trusted microsoft.com link could let an attacker silently pull a user's emails, MFA codes, meeting notes and files stored in SharePoint/OneDrive.
CVE-2026-42824 · Varonis Threat Labs
"SearchLeak": One Click on a Real Microsoft Link Could Silently Drain Copilot Data
A three-stage flaw in Microsoft 365 Copilot Enterprise Search let attackers exfiltrate emails, MFA codes, meeting notes and SharePoint files — with no extra permission and no second click. Microsoft has since fixed it on the backend.
1
click needed — no permission grant, no second action
3
stage exploit chain: P2P injection → race condition → SSRF
6.5/7.5
CVSS severity — Microsoft / NVD ratings
How one click leaked the data — the chain
STAGE 1
P2P Injection
A string in the URL q parameter runs directly as a Copilot search instruction.
→
STAGE 2
Race Condition
A brief <img> render beats the guardrail that should wrap output safely.
→
STAGE 3
SSRF Exfiltration
CSP-allowed *.bing.com fetches an attacker URL, sending data out.
Because the link lives on a legitimate microsoft.com domain, it slips past phishing and URL-filtering defenses.
What an attacker could pull
All of a victim's Microsoft Graph data was reachable in one shot:
Email subjects & bodies — including MFA / OTP codes
Meeting attendees, agendas and notes
Files indexed in SharePoint & OneDrive
The Copilot leak lineage
SearchLeak · one click
Enterprise Search · CVE-2026-42824
Reprompt · one click
Copilot Personal
EchoLeak · zero-click
M365 Copilot · CVE-2025-32711
CREDITED
Microsoft fixed the flaw on the backend after responsible disclosure — no customer action required , and no exploitation in the wild observed.
FLAGGED
Enterprise guardrails proved insufficient, and phishing-immune microsoft.com links make prompt-injection resistance and least-privilege access urgent.
Continue reading The rest of this article is for AI News Blitz readers. Choose an option below to keep reading.
Already purchased? Sign in ✓ Signed in — this article isn’t included in your current plan.Unlocking the full article…