Microsoft and Salesforce Address AI Agent Data Exfiltration Vulnerabilities

Microsoft and Salesforce Address AI Agent Data Exfiltration Vulnerabilities

First seen 15 Apr 2026, 21:16 UTC DarkreadingCsoonlineVenturebeatwww.capsulesecurity.ionoma.security+1 86% similarity 70.5

Article Content

Browse articles
ThreatCluster

Microsoft and Salesforce have patched serious prompt injection vulnerabilities in their AI platforms, Copilot Studio and Agentforce, respectively. Capsule Security identified these flaws, allowing attackers to exfiltrate sensitive data via crafted inputs in SharePoint and CRM forms. The Microsoft vulnerability, assigned CVE-2026-21520 with a CVSS score of 7.5, enables data extraction through malicious payloads inserted into SharePoint forms. Similarly, the Salesforce vulnerability, dubbed 'PipeLeak,' allows attackers to embed harmful instructions in public-facing lead forms. Despite the patches, the incidents highlight ongoing challenges with prompt injection vulnerabilities in large language models. Capsule's findings suggest that traditional security measures are inadequate for protecting AI agents. Organizations using these platforms are advised to review their configurations and implement additional security measures.

Key Points: • Microsoft and Salesforce patched critical prompt injection vulnerabilities in their AI systems. • CVE-2026-21520 allows data exfiltration from Microsoft Copilot via SharePoint forms. • Salesforce's 'PipeLeak' vulnerability enables data extraction through compromised lead forms.

ThreatCluster AI

Timeline

2025-06-11
CVE-2025-32711 published
2025-11-24
Capsule Security discovers Copilot vulnerability.
2025-12-05
Microsoft confirms Copilot vulnerability.
2026-01-15
Microsoft patches Copilot vulnerability.
2026-01-22
CVE-2026-21520 published.
2026-04-15
Capsule Security publicly discloses findings.

Community

Browse all →