// Microsoft 365CRITICAL
Microsoft patched CVE-2026-42824 (SearchLeak), a critical vulnerability in Microsoft 365 Copilot Enterprise that allowed attackers to craft a malicious link to steal emails, documents, and meeting details from victims with a single click. The attack chained three separate bugs to exfiltrate data without user awareness. Microsoft applied the fix automatically at the beginning of June 2026.
- Microsoft 365 Copilot vulnerability: what Ghanaian office worker(opens in a new tab)
- Microsoft: Cyber Security News ®’s Post(opens in a new tab)
- Critical Microsoft 365 Copilot Vulnerability Allows Attackers to(opens in a new tab)
- SearchLeak Vulnerability Hits Microsoft 365 Copilot Users(opens in a new tab)
- Critical SearchLeak Vulnerability Lets Attackers Steal Emails, M(opens in a new tab)
- Microsoft Copilot CVE-2026-42824 Patch: The SearchLeak AI Data L(opens in a new tab)
// Get alerts for Microsoft 365