Microsoft 365 Copilot: Data Leakage Through Chained Security Vulnerabilities

Bottom line: Multiple chained security vulnerabilities in Microsoft 365 Copilot enable data leakage from emails and OneDrive files.

Researchers have demonstrated an attack chain in Microsoft 365 Copilot that allows attackers to gain access to emails and OneDrive files. The exposure comes from chaining multiple security issues together.

A security research team has identified multiple vulnerabilities in Microsoft 365 Copilot that, in combination, enable data leakage. The attack chain allows attackers to access sensitive data such as emails and OneDrive files when the user interacts with the Copilot system.

The risk to organizations lies in the combination of multiple already known vulnerabilities. Attackers can chain these gaps to gain access to user data without requiring complex technical manipulations. This poses a significant threat to data security, as Copilot is increasingly being deployed in enterprise environments and has access to business-critical information.

For CISOs, this means that the use of Copilot in its current form is risky. Administrators should apply the corresponding patches from Microsoft and verify whether Copilot integration points are enabled in their own environment. Until the issue is resolved, access to Copilot features in sensitive areas should be restricted.


Source: www.golem.de · Published 16 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.