ONE CLICK WAS ALL IT TOOK TO STEAL YOUR EMAILS AND PASSWORDS FROM MICROSOFT COPILOT
Security researchers at Varonis disclosed a critical vulnerability in Microsoft 365 Copilot that required nothing more than a single click from a victim to hand attackers full access to their emails, calendar events, meeting notes, and stored passwords. The flaw, tracked as CVE-2026-42824 and named SearchLeak, was rated critical and patched by Microsoft in early June.
The attack was elegant in the worst possible way. It chained three separate weaknesses together. First, an attacker could inject malicious instructions into Copilot through a crafted URL parameter, essentially feeding the AI assistant a hidden command without the user ever seeing it. Second, a rendering race condition in the interface fired an attacker-controlled image tag before the page’s security filters could catch it. Third, that image request was routed through Bing’s servers, which were on Copilot’s whitelist, allowing stolen data to flow out without triggering any content security alarms.
The result was that a single malicious link sent to a Copilot user could silently vacuum out their inbox, their two-factor authentication codes, their scheduled meetings, and their documents. No malware required. No unusual permissions required. Just one click.
Microsoft says there is no evidence the flaw was exploited in the wild before disclosure. That may be cold comfort given how long it existed.
Keywords: Microsoft Copilot vulnerability, SearchLeak CVE-2026-42824, AI security flaw, data exfiltration attack