A critical vulnerability dubbed "SearchLeak" has been discovered in Microsoft 365 Copilot Enterprise, allowing attackers to exfiltrate sensitive data with a single click. The vulnerability chain, identified by Varonis Threat Labs, exploits three distinct weaknesses to gain access to emails, passwords, and indexed organizational files. Microsoft has since patched the backend vulnerability and disclosed it with a critical severity rating, noting that no administrator action is required for the fix.
IMPACT: Exposes enterprise AI assistants to prompt injection risks, highlighting the need for robust security measures in AI integrations.
RANK_REASON: Discovery of a specific vulnerability in a widely used enterprise AI product.
- CVE-2026-42824
- Exchange
- M365 Copilot
- Microsoft
- Microsoft 365 Copilot Enterprise
- Microsoft Bing
- Microsoft OneDrive
- Microsoft SharePoint
- SearchLeak
- Varonis Threat Labs
AI-generated summary · Google Gemini · from 1 source.