Microsoft Copilot SearchLeak Flaw Enables 1-Click Data Theft
Researchers disclosed SearchLeak, a prompt-injection attack on Microsoft Copilot (M365 Enterprise) that lets attackers exfiltrate emails, meeting notes, OneDrive/SharePoint files, passwords, and sensitive documents via a crafted link. Tracked as CVE-2026-42824 (CVSS 6.5). Microsoft has patched it; no user action required and no wild exploitation reported.
- emails
- files
- credentials
A vulnerability in Microsoft Copilot allowed attackers to steal emails, meeting notes, OneDrive and SharePoint files, passwords, and other sensitive documents simply by tricking users into clicking a specially crafted link.
Researchers disclosed the flaw, tracked as CVE-2026-42824 with a CVSS score of 6.5, on June 15, 2026. The attack, dubbed SearchLeak, relied on prompt injection techniques targeting the Copilot search function within Microsoft 365 Enterprise environments. Public reporting indicates the vulnerability enabled one-click data exfiltration without requiring the attacker to be authenticated or to have prior access to the victim's account. Microsoft has since patched the issue, and available reporting describes no evidence of exploitation in the wild. The number of affected users remains unknown.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →