EXECUTIVE SUMMARY
A vulnerability chain in Microsoft 365 Copilot, dubbed “SearchLeak,” has been identified that could allow unauthorized disclosure of sensitive organizational data. The attack leverages Copilot’s interaction with Microsoft 365 data sources and requires only that a user interact with a specially crafted payload. Successful exploitation could result in the exposure of sensitive information, including email content, calendar data, documents, and other information accessible to the affected user’s Microsoft 365 account. Researchers demonstrated that retrieved data could be exfiltrated through attacker-controlled infrastructure without requiring malware installation or additional user interaction.
- Vulnerability Name: SearchLeak
- CVE ID: CVE-2026-42824
- CVSS Score: 6.5
- CWE: CWE-77 (Improper Neutralization of Special Elements Used in a Command)
- Threat Type: Information Disclosure
- Affected Product: Microsoft 365 Copilot
- Active Region: Global
- Impact: Unauthorized Access and Disclosure of Sensitive Information
- Severity: Medium
- Published Date: June 15, 2026
TECHNICAL DETAILS
SearchLeak is a three-stage vulnerability chain affecting Microsoft 365 Copilot Enterprise Search. The attack combines a Parameter-to-Prompt Injection (P2P) vulnerability, an HTML Rendering Race Condition, and a Server-Side Request Forgery (SSRF) weakness to facilitate unauthorized disclosure of sensitive information accessible to the victim’s Microsoft 365 account. Successful exploitation may allow an attacker to exfiltrate emails, calendar data, OneDrive content, SharePoint documents, and other information indexed by Copilot Enterprise Search.
- Target: Microsoft 365 Copilot Enterprise Search users and organizations utilizing Microsoft 365 services, including Exchange Online, OneDrive, SharePoint Online, and other data sources indexed by Copilot.
- Root Cause: The vulnerability arises from a chained exploitation of three weaknesses: a Parameter-to-Prompt (P2P) Injection that allows attacker-controlled instructions to be processed by Copilot through the URL query parameter, an HTML Rendering Race Condition that permits attacker-controlled HTML content to execute before output sanitization is applied, and a Bing-based Server-Side Request Forgery (SSRF) that enables sensitive data to be exfiltrated through a trusted Microsoft service, bypassing Content Security Policy (CSP) protections.
- Prerequisite For Exploitation: To successfully exploit this vulnerability, the attacker must entice a victim to click a specially crafted Microsoft 365 Copilot Search URL……



