CVE-2026-21535 — CVSS 8.2 (high): Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
CVE-2026-42835 — CVSS 8.1 (high): Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an…
CVE-2019-5922 — CVSS 7.8 (high): Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an…
CVE-2025-53783 — CVSS 7.5 (high): Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
CVE-2024-41138 — CVSS 7.1 (high): A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school)…
CVE-2026-26133 — CVSS 7.1 (high): AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2024-41145 — CVSS 7.1 (high): A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS…
CVE-2024-42004 — CVSS 7.1 (high): A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library…
CVE-2025-49737 — CVSS 7.0 (high): Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized…
CVE-2020-10146 — CVSS 5.7 (medium): The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited…
CVE-2026-32185 — CVSS 5.5 (medium): Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2025-49731 — CVSS 3.1 (low): Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a…