SearchLeak vulnerability in Microsoft 365 Copilot Enterprise enabled attackers to steal sensitive data via specially crafted URLs before Microsoft patched the flaw as CVE-2026-42824. The vulnerability allowed unauthorized access to confidential enterprise information.
- SearchLeak Vulnerability Hits Microsoft 365 Copilot Users(opens in a new tab)
- Microsoft 365 Copilot Vulnerability Exposes Sensitive Data Throu(opens in a new tab)
- "SearchLeak" Copilot Vulnerability Chain Turns the AI Assistant (opens in a new tab)
// Get alerts for Microsoft Azure