Microsoft: >> Teams Security Vulnerabilities
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.011
Published
2026-06-09
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVSS Score
5.5
EPSS Score
0.005
Published
2026-05-12
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
CVSS Score
9.6
EPSS Score
0.007
Published
2026-05-07
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
7.1
EPSS Score
0.004
Published
2026-03-16
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.2
EPSS Score
0.006
Published
2026-02-19
Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.008
Published
2025-08-12
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.002
Published
2025-07-08
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
CVSS Score
3.1
EPSS Score
0.004
Published
2025-07-08
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
CVSS Score
7.1
EPSS Score
0.008
Published
2024-12-18
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
CVSS Score
7.1
EPSS Score
0.009
Published
2024-12-18
Page 1