Agents
Microsoft and Salesforce Patch AI Agent Data Exfiltration Flaws — CVE-2026-21520 (ShareLeak) and PipeLeak
Capsule Security disclosed two architectural prompt injection vulnerabilities: ShareLeak (CVE-2026-21520, CVSS 7.5) in Copilot Studio where a SharePoint form field overrides system instructions to exfiltrate data via Outlook, and PipeLeak in Salesforce Agentforce where a public lead form hijacks agents with no auth and no volume cap on exfiltrated CRM data. Microsoft's unusual decision to assign a CVE to a prompt injection may set precedent for the entire agentic ecosystem.
Source
↳ Follow the thread