
Two AI tools broke the same way in two weeks. Varonis disclosed SearchLeak (CVE-2026-42824) in Microsoft 365 Copilot Enterprise Search: a crafted URL lets Copilot search a victim's mailbox and exfiltrate data via Bing SSRF. Obsidian Security published a three-CVE chain against LiteLLM. Enterprise AI accepts external input with no trust boundary.
Summary by ByteBrief
SearchLeak bug chain hits Microsoft 365 Copilot