Microsoft Copilot Reprompt prompt-injection security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Reprompt is a Microsoft Copilot prompt-injection flaw that can let a crafted URL trigger invisible data exfiltration from an authenticated session. The abuse path uses the 'q' parameter and can be reached with a single click on a legitimate Microsoft link, without plugins or direct user interaction with Copilot. Microsoft addressed the issue after disclosure, and the flaw does not affect Microsoft 365 Copilot.
Related Happenings
Windows 11 BitLocker bypass YellowKey security flaw
Vulnerability
First: 14.05.2026 10:27
Last: 14.05.2026 10:27
Sources 1
About this happening:
**YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...
Windows 11 BitLocker bypass YellowKey security flaw
VulnerabilityAbout this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...
Latest development: 20.05.2026 10:31
Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.
Cursor IDE MCP deeplink code execution security flaw
Vulnerability
First: 17.03.2026 17:00
Last: 17.03.2026 17:00
Sources 1
About this happening:
A **Cursor IDE** flaw in **MCP deeplinks** can let crafted installation links trigger **arbitrary commands** or install **malicious components** under some user-approval and confi...
Cursor IDE MCP deeplink code execution security flaw
VulnerabilityAbout this happening: A **Cursor IDE** flaw in **MCP deeplinks** can let crafted installation links trigger **arbitrary commands** or install **malicious components** under some user-approval and confi...
Microsoft expands Purview DLP enforcement for Copilot across local and cloud Office files
Security Tool/Service
First: 24.02.2026 19:30
Last: 24.02.2026 19:30
Sources 1
About this happening:
Microsoft is expanding **Purview DLP** so **Microsoft 365 Copilot** cannot process restricted **Word, Excel, and PowerPoint** files stored on **local devices, SharePoint, or OneDr...
Microsoft expands Purview DLP enforcement for Copilot across local and cloud Office files
Security Tool/ServiceAbout this happening: Microsoft is expanding **Purview DLP** so **Microsoft 365 Copilot** cannot process restricted **Word, Excel, and PowerPoint** files stored on **local devices, SharePoint, or OneDr...
Microsoft 365 Copilot work tab DLP bypass security flaw
Vulnerability
First: 18.02.2026 14:03
Last: 18.02.2026 14:03
Sources 1
About this happening:
**Microsoft 365 Copilot** has a **DLP-bypass vulnerability** in its **work tab chat** that can summarize confidential email content, creating a risk that protected messages are pr...
Microsoft 365 Copilot work tab DLP bypass security flaw
VulnerabilityAbout this happening: **Microsoft 365 Copilot** has a **DLP-bypass vulnerability** in its **work tab chat** that can summarize confidential email content, creating a risk that protected messages are pr...
Windows 11 Notepad Markdown link RCE (CVE-2026-20841)
Vulnerability
First: 12.02.2026 01:15
Last: 12.02.2026 01:15
Sources 1
About this happening:
Microsoft fixed **CVE-2026-20841**, a **remote code execution** flaw in **Windows 11 Notepad** that could be triggered by clicking a **malicious Markdown link**. On **Notepad vers...
Windows 11 Notepad Markdown link RCE (CVE-2026-20841)
VulnerabilityAbout this happening: Microsoft fixed **CVE-2026-20841**, a **remote code execution** flaw in **Windows 11 Notepad** that could be triggered by clicking a **malicious Markdown link**. On **Notepad vers...
Timeline
-
14.01.2026 16:00 1 articles · 4mo ago
Varonis discloses Reprompt to Microsoft
Initial DisclosureVaronis responsibly disclosed Reprompt to Microsoft after finding that Microsoft Copilot can execute prompts carried in a URL's 'q' parameter, letting a single click trigger injected instructions against an authenticated session.
Show sources
- Reprompt attack let hackers hijack Microsoft Copilot sessions — www.bleepingcomputer.com — 14.01.2026 16:00
-
14.01.2026 16:00 1 articles · 4mo ago
Microsoft fixes Reprompt in January 2026 Patch Tuesday
Mitigation Patch UpdateMicrosoft addressed the Reprompt flaw in January 2026 Patch Tuesday, and the remediation guidance is to apply the latest Windows security update to reduce risk from malicious Copilot links.
Show sources
- Reprompt attack let hackers hijack Microsoft Copilot sessions — www.bleepingcomputer.com — 14.01.2026 16:00
-
14.01.2026 16:00 3 articles · 4mo ago
Varonis details the Reprompt attack chain
Technical Analysis UpdateVaronis described Reprompt as a Microsoft Copilot prompt-injection method that hides malicious instructions in a legitimate URL, uses the 'q' parameter to trigger actions, and can sustain invisible data exfiltration through P2P injection, a double-request technique, and a chain-request technique. The researchers said the attack can continue after the Copilot tab is closed, depends on the victim's authenticated session, and had not been detected in the wild.
Show sources
- Reprompt attack let hackers hijack Microsoft Copilot sessions — www.bleepingcomputer.com — 14.01.2026 16:00
- Reprompt attack let hackers hijack Microsoft Copilot sessions — www.bleepingcomputer.com — 14.01.2026 16:00
- Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot — thehackernews.com — 15.01.2026 17:09