Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)
Summary
This writeup describes vulnerabilities found in Microsoft Copilot products that allow attackers to steal sensitive data through multiple attack chains, including data exfiltration via HTML preview features, hijacking the AI's long-term memory through prompt injection (tricking an AI by hiding instructions in its input), and creating persistent backdoors. The vulnerabilities, assigned CVE-2026-24299, exploited what researchers call the "lethal trifecta," where an AI has access to private data, untrusted content, and external communication channels simultaneously.
Solution / Mitigation
Microsoft patched these issues. The source states: "MSRC assigned CVE-2026-24299 and the issues are now patched." No specific patch version number or detailed mitigation steps are provided in the source text.
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
Original source: https://embracethered.com/blog/posts/2026/defcon-talk-copirate-365/
First tracked: May 4, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%