M365 Copilot SearchLeak: Your prompt injection attack surface just got bigger
Summary
SearchLeak is a prompt injection attack (tricking an AI by hiding malicious instructions in its input) that exploits Microsoft's M365 Copilot Enterprise Search by using specially crafted URLs to leak sensitive corporate data like emails, documents, and meeting notes. The attack works because Copilot Search accepts natural language prompts in URL parameters (the ?q=[query] part of web addresses), creating a new security weakness called parameter-to-prompt injection that could affect other AI-powered web services too. Microsoft patched the vulnerability on its servers, but the attack reveals a broader risk: AI services with broad access to corporate assets are vulnerable to this type of data theft.
Solution / Mitigation
Microsoft rated the information disclosure flaw as critical and patched the vulnerability on the server side earlier that month.
Classification
Affected Vendors
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://www.csoonline.com/article/4186970/m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger.html
First tracked: June 19, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 92%