This 'fascinating' Microsoft Excel security flaw teams up spreadsheets and Copilot Agent to steal data
techradar.com
- Microsoft's latest Patch Tuesday release fixes 83 flaws
- Including an Excel bug which enables AI-driven zero-click data theft
- Update urged to block exfiltration via Copilot assistant
The March 2026 Patch Tuesday release from Microsoft has fixed a high-severity vulnerability in Excel, which combines good old cross-site scripting (XSS) with indirect prompt injection for data exfiltration via Artificial Intelligence (AI).
Since AI gave an old vulnerability a new twist, some security researchers described it as “fascinating” - and it being a “zero-click” attack didn’t help, either.
In its security advisory, Microsoft described the bug as an “improper neutralization of input” vulnerability which happens during web page generation, allowing unauthorized attackers to disclose information over a network. It is now tracked as CVE-2026-26144 and was given a severity score of 7.5/10 (high).
Article continues below
Copyright of this story solely belongs to techradar.com . To see the full text click HERE