Overview
- Varonis Threat Labs disclosed the vulnerability chain called SearchLeak in mid-June and published a proof-of-concept while Microsoft assigned CVE-2026-42824 and applied server-side mitigations.
- The exploit used a three-stage chain: a parameter-to-prompt injection via the Copilot Search 'q' URL parameter, a streaming HTML rendering race that fired an request before output was sanitized, and a Bing server-side fetch that acted as an unwitting SSRF proxy.
- A successful chain could expose mailbox content, active two-factor authentication codes, calendar items, and files indexed from OneDrive and SharePoint simply by a user clicking a crafted Microsoft URL.
- Microsoft says it has closed the immediate attack path and reporters found no evidence of in-the-wild exploitation at disclosure, but tenant admins must still monitor q-parameter payloads and unusual Bing image requests to detect attempts.
- Security researchers say SearchLeak repeats a pattern from earlier Copilot bugs and shows that fixing individual bugs is not enough; defenders must rethink prompt boundaries, output sanitization timing, and server-side allowlists to stop future chains.