BREAKING
Microsoft Patches Copilot Flaw CVE-2026-42824
"SearchLeak" Found by Varonis Threat Labs
One-Click Attack in Three Stages
1
Prompt injection
↓
2
Race condition img
↓
3
SSRF leak
Enterprise Hit, Personal Safe
Enterprise
Affected
●
Deep corporate access
●
Email, files, calendar exposed
Personal
Safe
●
Not affected
0
Microsoft CVSS
0
NVD CVSS
0
Real-world abuse
A New Stage of AI Security Risk
AI NEWS BLITZ
Microsoft has patched a one-click data-theft flaw in M365 Copilot Enterprise.