When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

The crooks could then use this token to impersonate the victim and send requests outside the Power Platform.

Zenity added that the vulnerability can be abused in Power Apps, or Copilot Studio.

A person at a laptop with a cybersecure lock symbol floating above it.

Microsoft was notified about the vulnerability in September 2024, and patched it in mid-December last year.