Agents
Microsoft Copilot ShareLeak (CVE-2026-21520): Prompt Injection Against M365 Copilot Agents Enables Cross-Tenant Data Exfiltration
Microsoft patched CVE-2026-21520 ('ShareLeak'), a prompt injection vulnerability in Microsoft 365 Copilot agent systems that allowed attackers to exfiltrate data across tenant boundaries via crafted prompts targeting published M365 agents. Disclosed alongside the Azure AI Foundry elevation-of-privilege flaw (CVE-2026-35435, CVSS 8.6) affecting access controls on M365 published agents. Both patches landed in the May 2026 Patch Tuesday cycle. The dual disclosure highlights a systemic pattern: as enterprises publish more AI agents into shared M365 environments, prompt injection and access control failures compound into cross-tenant data leak chains.
Source
↳ Follow the thread