Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

A severe security flaw has been identified in Microsoft’s Copilot Studio, potentially providing unauthorized access to sensitive data. The vulnerability, called CVE-2024-38206, is a server-side request forgery (SSRF) attack which can enable an authenticated attacker to access Microsoft’s internal infrastructure for the platform. Microsoft reported that the issue has been mitigated and requires no action from customers.