← All articles

One-click Microsoft 365 Copilot flaw could silently steal emails and codes

Researchers at Varonis disclosed SearchLeak, a flaw chain in Microsoft 365 Copilot Enterprise Search that let a single click on a legitimate microsoft.com link silently pull a victim's emails, calendar, and indexed files, including security and MFA codes, with no password or further interaction. It worked by smuggling instructions into the search URL's query parameter, which Copilot obeyed as commands, then exfiltrating the data through a Bing image request that bypassed content protections. Because the link used a real Microsoft domain, anti-phishing filters were unlikely to flag it. Microsoft assigned CVE-2026-42824, rated it critical, and fixed it on its backend, so no customer action is required.

Check
No patching is needed since Microsoft fixed this server-side; instead review what data Microsoft 365 Copilot can access and whether broad permissions would amplify a similar AI-assistant flaw.
Affected
Microsoft 365 Copilot Enterprise Search users were exposed (CVE-2026-42824) before Microsoft's server-side fix; the broader risk is any AI assistant that mixes untrusted input with access to internal data.
Fix
No customer action is required, as Microsoft has remediated the flaw. To reduce future AI-assistant risk, tighten Copilot data permissions, apply least privilege to identities, and monitor assistant activity.