Black & White Path
Jun 16, 2026 · Information Security
One‑Click Link Exposes Enterprise Data Through Microsoft 365 Copilot Vulnerability
SearchLeak is a critical, three‑stage vulnerability chain in Microsoft 365 Copilot Enterprise that lets an attacker exfiltrate MFA codes, emails, calendar details and confidential files with a single click. The chain abuses the q parameter, bypasses Copilot’s HTML sanitization, and leverages Bing’s SSRF capability. Microsoft has now fully patched it.
AI security · CVE-2026-42824 · Microsoft 365 Copilot
