Agents
Microsoft and Salesforce Patch Critical AI Agent Data Leak Vulnerabilities: ForcedLeak (CVSS 9.4) and ShareLeak (CVSS 7.5)
Noma Labs disclosed ForcedLeak (CVSS 9.4) in Salesforce Agentforce — indirect prompt injection via Web-to-Lead forms that tricked agents into exfiltrating CRM data by processing lead inputs as trusted instructions. Salesforce patched with URL allowlist enforcement. Separately, Microsoft patched CVE-2026-21520 (ShareLeak, CVSS 7.5) where malicious SharePoint form input triggered Copilot actions to send data to attacker-controlled email. Both highlight the same architectural flaw: AI agents treating untrusted external input as trusted commands.
Source
↳ Follow the thread