Search

Find a vulnerability

Search criteria

    46 vulnerabilities found for teams by microsoft

    CVE-2026-42835 (GCVE-0-2026-42835)

    Vulnerability from nvd – Published: 2026-06-09 17:05 – Updated: 2026-06-26 19:41
    VLAI
    Title
    Microsoft Teams for Android Information Disclosure Vulnerability
    Summary
    Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.76.2026111302 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T12:31:07.373821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T12:31:24.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.76.2026111302",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.76.2026111302",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements in output used by a downstream component (\u0027injection\u0027) in Microsoft Teams for Android allows an authorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T19:41:26.812Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams for Android Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42835"
            }
          ],
          "title": "Microsoft Teams for Android Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-42835",
        "datePublished": "2026-06-09T17:05:20.687Z",
        "dateReserved": "2026-04-30T14:51:12.703Z",
        "dateUpdated": "2026-06-26T19:41:26.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32185 (GCVE-0-2026-32185)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Teams Spoofing Vulnerability
    Summary
    Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2026092402 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32185",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:57:33.897127Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:07:58.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2026092402",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2026092402",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552: Files or Directories Accessible to External Parties",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:34.265Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32185"
            }
          ],
          "title": "Microsoft Teams Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32185",
        "datePublished": "2026-05-12T16:59:00.367Z",
        "dateReserved": "2026-03-11T00:26:53.426Z",
        "dateUpdated": "2026-06-19T16:12:34.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33823 (GCVE-0-2026-33823)

    Vulnerability from nvd – Published: 2026-05-07 20:58 – Updated: 2026-06-19 16:13 Exclusively Hosted Service
    VLAI
    Title
    Microsoft Team Events Portal Information Disclosure Vulnerability
    Summary
    Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2026-05-07 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T14:14:55.597047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T14:15:02.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "-"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "-",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-07T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:13:14.265Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Team Events Portal Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33823"
            }
          ],
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "Microsoft Team Events Portal Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-33823",
        "datePublished": "2026-05-07T20:58:52.175Z",
        "dateReserved": "2026-03-24T00:52:01.351Z",
        "dateUpdated": "2026-06-19T16:13:14.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26133 (GCVE-0-2026-26133)

    Vulnerability from nvd – Published: 2026-03-13 21:10 – Updated: 2026-06-19 18:18
    VLAI
    Title
    M365 Copilot Information Disclosure Vulnerability
    Summary
    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Copilot for Android Affected: 1.0 , < 16.0.19815.10000 (custom)
    Create a notification for this product.
    Microsoft Microsoft 365 Copilot for iOS Affected: 1.0 , < 2.107.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for Android Affected: 1.0.0 , < 145.3800.99 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 145.3800.99 (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel for iOS Affected: 1.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft Loop for iOS Affected: 2.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft OneNote Affected: 1.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft OneNote for Android Affected: 16.0.1 , < 16.0.19725.20142 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: 1.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for iOS Affected: 1.0.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Mac Affected: 1.0.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerBI for Android Affected: 2.0.0 , < 2.2.260210.21290750 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerBI for iOS Affected: 1.0.0 , < 1.2.260302.2193910 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint for iOS Affected: 1.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2026043102 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 8.3.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for iOS Affected: 2.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Date Public
    2026-03-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:24:19.473896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:24:30.194Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft 365 Copilot for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19815.10000",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft 365 Copilot for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.107.2",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "145.3800.99",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "145.3800.99",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Excel for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Excel for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Loop for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft OneNote",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft OneNote for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20142",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerBI for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.2.260210.21290750",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerBI for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.2.260302.2193910",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2026043102",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.3.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:onenote_for_ios:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_copilot_iOS:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.107.2",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "145.3800.99",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "8.3.1",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2026043102",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:loop:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_copilot_Android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19815.10000",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:power_bi_android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.2.260210.21290750",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:power_bi_iOS:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.260302.2193910",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19725.20142",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "145.3800.99",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-03-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T18:18:11.619Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "M365 Copilot Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133"
            }
          ],
          "title": "M365 Copilot Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-26133",
        "datePublished": "2026-03-13T21:10:13.535Z",
        "dateReserved": "2026-02-11T16:24:51.133Z",
        "dateUpdated": "2026-06-19T18:18:11.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21535 (GCVE-0-2026-21535)

    Vulnerability from nvd – Published: 2026-02-19 22:06 – Updated: 2026-05-11 21:25 Exclusively Hosted Service
    VLAI
    Title
    Microsoft Teams Information Disclosure Vulnerability
    Summary
    Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Date Public
    2026-02-19 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21535",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:20:57.388093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:21:23.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "-"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "-",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-02-19T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T21:25:30.929Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535"
            }
          ],
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "Microsoft Teams Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-21535",
        "datePublished": "2026-02-19T22:06:20.817Z",
        "dateReserved": "2025-12-30T18:10:54.847Z",
        "dateUpdated": "2026-05-11T21:25:30.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53783 (GCVE-0-2025-53783)

    Vulnerability from nvd – Published: 2025-08-12 17:10 – Updated: 2026-02-13 18:54
    VLAI
    Title
    Microsoft Teams Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1416/1.0.0.2025102802 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Desktop Affected: 1.0.0 , < 25122.1415.3698.6812 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 7.10.1 (100772025102901) (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Mac, New Edition Affected: 1.0.0.0 , < 25122.1207.3700.1444 (custom)
    Create a notification for this product.
    Microsoft Teams for D365 Guides HoloLens Affected: 907.0000 , < 907.2505.29001.0 (custom)
    Create a notification for this product.
    Microsoft Teams for D365 Remote Assist HoloLens Affected: 316.0000 , < 316.2505.28001 (custom)
    Create a notification for this product.
    Microsoft Teams Panel Affected: 1.0.97 , < 1449/1.0.97.2025102203 (custom)
    Create a notification for this product.
    Microsoft Teams Phone Affected: 1.0.94 , < 1449/1.0.94.2025168802 (custom)
    Create a notification for this product.
    Date Public
    2025-08-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T20:07:17.024025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T20:07:30.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1416/1.0.0.2025102802",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Desktop",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25122.1415.3698.6812",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.10.1 (100772025102901)",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Mac, New Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25122.1207.3700.1444",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams for D365 Guides HoloLens",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "907.2505.29001.0",
                  "status": "affected",
                  "version": "907.0000",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams for D365 Remote Assist HoloLens",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "316.2505.28001",
                  "status": "affected",
                  "version": "316.0000",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams Panel",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1449/1.0.97.2025102203",
                  "status": "affected",
                  "version": "1.0.97",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams Phone",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1449/1.0.94.2025168802",
                  "status": "affected",
                  "version": "1.0.94",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "316.2505.28001",
                      "versionStartIncluding": "316.0000",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1449/1.0.97.2025102203",
                      "versionStartIncluding": "1.0.97",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1449/1.0.94.2025168802",
                      "versionStartIncluding": "1.0.94",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "907.2505.29001.0",
                      "versionStartIncluding": "907.0000",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1416/1.0.0.2025102802",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "7.10.1 (100772025102901)",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25122.1415.3698.6812",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
                      "versionEndExcluding": "25122.1207.3700.1444",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-08-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T18:54:55.321Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783"
            }
          ],
          "title": "Microsoft Teams Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-53783",
        "datePublished": "2025-08-12T17:10:41.147Z",
        "dateReserved": "2025-07-09T13:25:25.502Z",
        "dateUpdated": "2026-02-13T18:54:55.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49737 (GCVE-0-2025-49737)

    Vulnerability from nvd – Published: 2025-07-08 16:58 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Microsoft Teams Elevation of Privilege Vulnerability
    Summary
    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Mac, New Edition Affected: 1.0.0.0 , < 25163.3001.3726.6503 (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-09T04:01:25.440186Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:06.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Mac, New Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25163.3001.3726.6503",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
                      "versionEndExcluding": "25163.3001.3726.6503",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Microsoft Teams allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:07:49.711Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49737"
            }
          ],
          "title": "Microsoft Teams Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-49737",
        "datePublished": "2025-07-08T16:58:14.537Z",
        "dateReserved": "2025-06-09T22:49:37.617Z",
        "dateUpdated": "2026-02-26T17:51:06.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49731 (GCVE-0-2025-49731)

    Vulnerability from nvd – Published: 2025-07-08 16:57 – Updated: 2026-02-26 18:27
    VLAI
    Title
    Microsoft Teams Elevation of Privilege Vulnerability
    Summary
    Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2025112902 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Desktop Affected: 1.0.0 , < 25060212643 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 7.10.1 (100772025102901) (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-09T04:01:24.341864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:27:44.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2025112902",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Desktop",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25060212643",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.10.1 (100772025102901)",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2025112902",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "7.10.1 (100772025102901)",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25060212643",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-280",
                  "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:06:59.899Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49731"
            }
          ],
          "title": "Microsoft Teams Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-49731",
        "datePublished": "2025-07-08T16:57:24.562Z",
        "dateReserved": "2025-06-09T21:23:11.523Z",
        "dateUpdated": "2026-02-26T18:27:44.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-42004 (GCVE-0-2024-42004)

    Vulnerability from nvd – Published: 2024-12-18 22:40 – Updated: 2024-12-19 16:45
    VLAI
    Summary
    A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Teams (work or school) Affected: 24046.2812.2722.8193 for macOS
    Create a notification for this product.
    Credits
    Discovered by Francesco Benvenuto of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-18T23:03:11.197Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1973"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42004",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-19T16:45:31.270441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-19T16:45:56.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1973"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teams (work or school)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "24046.2812.2722.8193 for macOS"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Francesco Benvenuto of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T22:40:14.307Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1973",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1973"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2024-42004",
        "datePublished": "2024-12-18T22:40:14.307Z",
        "dateReserved": "2024-08-05T20:37:19.355Z",
        "dateUpdated": "2024-12-19T16:45:56.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41145 (GCVE-0-2024-41145)

    Vulnerability from nvd – Published: 2024-12-18 22:38 – Updated: 2024-12-28 00:51
    VLAI
    Summary
    A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Teams (work or school) Affected: 24046.2812.2722.8193 for macOS
    Create a notification for this product.
    Credits
    Discovered by Francesco Benvenuto of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-18T23:02:57.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1990"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41145",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:24:40.633247Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-28T00:51:29.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teams (work or school)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "24046.2812.2722.8193 for macOS"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Francesco Benvenuto of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T22:38:38.457Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1990",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1990"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2024-41145",
        "datePublished": "2024-12-18T22:38:38.457Z",
        "dateReserved": "2024-08-05T20:37:11.630Z",
        "dateUpdated": "2024-12-28T00:51:29.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41138 (GCVE-0-2024-41138)

    Vulnerability from nvd – Published: 2024-12-18 22:38 – Updated: 2024-12-20 17:24
    VLAI
    Summary
    A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Teams (work or school) Affected: 24046.2812.2722.8193 for macOS
    Create a notification for this product.
    Credits
    Discovered by Francesco Benvenuto of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-18T23:02:55.940Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1991"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:24:01.965612Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:24:19.729Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teams (work or school)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "24046.2812.2722.8193 for macOS"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Francesco Benvenuto of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T22:38:04.909Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1991",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1991"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2024-41138",
        "datePublished": "2024-12-18T22:38:04.909Z",
        "dateReserved": "2024-08-05T20:37:09.892Z",
        "dateUpdated": "2024-12-20T17:24:19.729Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-38197 (GCVE-0-2024-38197)

    Vulnerability from nvd – Published: 2024-08-13 17:29 – Updated: 2025-07-10 16:33
    VLAI
    Title
    Microsoft Teams for iOS Spoofing Vulnerability
    Summary
    Microsoft Teams for iOS Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 7.13.0 (custom)
    Create a notification for this product.
    Date Public
    2024-08-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38197",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:46:13.202876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-13T18:46:25.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.13.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "7.13.0",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Teams for iOS Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T16:33:05.824Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38197"
            }
          ],
          "title": "Microsoft Teams for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-38197",
        "datePublished": "2024-08-13T17:29:53.942Z",
        "dateReserved": "2024-06-11T22:36:08.217Z",
        "dateUpdated": "2025-07-10T16:33:05.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21448 (GCVE-0-2024-21448)

    Vulnerability from nvd – Published: 2024-03-12 16:58 – Updated: 2025-05-03 00:47
    VLAI
    Title
    Microsoft Teams for Android Information Disclosure Vulnerability
    Summary
    Microsoft Teams for Android Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2024022302 (custom)
    Create a notification for this product.
    Date Public
    2024-03-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:45:15.561069Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T19:35:19.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:20:40.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Teams for Android Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21448"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2024022302",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2024022302",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-03-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Teams for Android Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-03T00:47:03.108Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams for Android Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21448"
            }
          ],
          "title": "Microsoft Teams for Android Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-21448",
        "datePublished": "2024-03-12T16:58:06.424Z",
        "dateReserved": "2023-12-08T22:45:21.306Z",
        "dateUpdated": "2025-05-03T00:47:03.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21374 (GCVE-0-2024-21374)

    Vulnerability from nvd – Published: 2024-02-13 18:02 – Updated: 2025-05-03 01:37
    VLAI
    Title
    Microsoft Teams for Android Information Disclosure Vulnerability
    Summary
    Microsoft Teams for Android Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2024022302 (custom)
    Create a notification for this product.
    Date Public
    2024-02-13 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T13:47:11.828354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-13T13:47:44.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:20:40.658Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Teams for Android Information Disclosure",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21374"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2024022302",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2024022302",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Teams for Android Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-03T01:37:37.626Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams for Android Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21374"
            }
          ],
          "title": "Microsoft Teams for Android Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-21374",
        "datePublished": "2024-02-13T18:02:41.189Z",
        "dateReserved": "2023-12-08T22:45:20.450Z",
        "dateUpdated": "2025-05-03T01:37:37.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4863 (GCVE-0-2023-4863)

    Vulnerability from nvd – Published: 2023-09-12 14:24 – Updated: 2025-10-21 23:05
    VLAI CISA KEVIntel
    Summary
    Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Heap buffer overflow
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    URL Tags
    https://chromereleases.googleblog.com/2023/09/sta…
    https://crbug.com/1479274
    https://en.bandisoft.com/honeyview/history/
    https://stackdiary.com/critical-vulnerability-in-…
    https://www.mozilla.org/en-US/security/advisories…
    https://github.com/webmproject/libwebp/commit/902…
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://security-tracker.debian.org/tracker/CVE-2…
    https://bugzilla.suse.com/show_bug.cgi?id=1215231
    https://news.ycombinator.com/item?id=37478403
    https://www.bleepingcomputer.com/news/google/goog…
    https://www.debian.org/security/2023/dsa-5496
    https://www.debian.org/security/2023/dsa-5497
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    https://www.debian.org/security/2023/dsa-5498
    https://security.gentoo.org/glsa/202309-05
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    https://adamcaudill.com/2023/09/14/whose-cve-is-i…
    https://github.com/webmproject/libwebp/releases/t…
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    http://www.openwall.com/lists/oss-security/2023/09/21/4
    https://blog.isosceles.com/the-webp-0day/
    http://www.openwall.com/lists/oss-security/2023/09/22/1
    http://www.openwall.com/lists/oss-security/2023/09/22/3
    http://www.openwall.com/lists/oss-security/2023/09/22/4
    http://www.openwall.com/lists/oss-security/2023/09/22/5
    http://www.openwall.com/lists/oss-security/2023/09/22/8
    http://www.openwall.com/lists/oss-security/2023/09/22/7
    http://www.openwall.com/lists/oss-security/2023/09/22/6
    http://www.openwall.com/lists/oss-security/2023/09/26/1
    http://www.openwall.com/lists/oss-security/2023/09/26/7
    http://www.openwall.com/lists/oss-security/2023/09/28/1
    http://www.openwall.com/lists/oss-security/2023/09/28/2
    http://www.openwall.com/lists/oss-security/2023/09/28/4
    https://security.netapp.com/advisory/ntap-2023092…
    https://lists.fedoraproject.org/archives/list/pac…
    https://sethmlarson.dev/security-developer-in-res…
    https://www.bentley.com/advisories/be-2023-0001/
    https://security.gentoo.org/glsa/202401-10
    https://www.vicarius.io/vsociety/posts/zero-day-w…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 116.0.5845.187 , < 116.0.5845.187 (custom)
    Create a notification for this product.
    Google libwebp Affected: 1.3.2 , < 1.3.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-19T07:48:10.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://crbug.com/1479274"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://en.bandisoft.com/honeyview/history/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37478403"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5496"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5497"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5498"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202309-05"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.isosceles.com/the-webp-0day/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/advisories/be-2023-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-10"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4863",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:18.341149Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-09-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:38.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-09-13T00:00:00.000Z",
                "value": "CVE-2023-4863 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "116.0.5845.187",
                  "status": "affected",
                  "version": "116.0.5845.187",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "libwebp",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.3.2",
                  "status": "affected",
                  "version": "1.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap buffer overflow",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-07T11:07:27.027Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
            },
            {
              "url": "https://crbug.com/1479274"
            },
            {
              "url": "https://en.bandisoft.com/honeyview/history/"
            },
            {
              "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
            },
            {
              "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
            },
            {
              "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
            },
            {
              "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37478403"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5496"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5497"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5498"
            },
            {
              "url": "https://security.gentoo.org/glsa/202309-05"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
            },
            {
              "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
            },
            {
              "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
            },
            {
              "url": "https://blog.isosceles.com/the-webp-0day/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
            },
            {
              "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
            },
            {
              "url": "https://www.bentley.com/advisories/be-2023-0001/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-10"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2023-4863",
        "datePublished": "2023-09-12T14:24:59.275Z",
        "dateReserved": "2023-09-09T01:02:58.312Z",
        "dateUpdated": "2025-10-21T23:05:38.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-42835 (GCVE-0-2026-42835)

    Vulnerability from cvelistv5 – Published: 2026-06-09 17:05 – Updated: 2026-06-26 19:41
    VLAI
    Title
    Microsoft Teams for Android Information Disclosure Vulnerability
    Summary
    Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.76.2026111302 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T12:31:07.373821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T12:31:24.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.76.2026111302",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.76.2026111302",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements in output used by a downstream component (\u0027injection\u0027) in Microsoft Teams for Android allows an authorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T19:41:26.812Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams for Android Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42835"
            }
          ],
          "title": "Microsoft Teams for Android Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-42835",
        "datePublished": "2026-06-09T17:05:20.687Z",
        "dateReserved": "2026-04-30T14:51:12.703Z",
        "dateUpdated": "2026-06-26T19:41:26.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32185 (GCVE-0-2026-32185)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    Microsoft Teams Spoofing Vulnerability
    Summary
    Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2026092402 (custom)
    Create a notification for this product.
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32185",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:57:33.897127Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:07:58.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2026092402",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2026092402",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552: Files or Directories Accessible to External Parties",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:34.265Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32185"
            }
          ],
          "title": "Microsoft Teams Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32185",
        "datePublished": "2026-05-12T16:59:00.367Z",
        "dateReserved": "2026-03-11T00:26:53.426Z",
        "dateUpdated": "2026-06-19T16:12:34.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33823 (GCVE-0-2026-33823)

    Vulnerability from cvelistv5 – Published: 2026-05-07 20:58 – Updated: 2026-06-19 16:13 Exclusively Hosted Service
    VLAI
    Title
    Microsoft Team Events Portal Information Disclosure Vulnerability
    Summary
    Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2026-05-07 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T14:14:55.597047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T14:15:02.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "-"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "-",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-07T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:13:14.265Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Team Events Portal Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33823"
            }
          ],
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "Microsoft Team Events Portal Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-33823",
        "datePublished": "2026-05-07T20:58:52.175Z",
        "dateReserved": "2026-03-24T00:52:01.351Z",
        "dateUpdated": "2026-06-19T16:13:14.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26133 (GCVE-0-2026-26133)

    Vulnerability from cvelistv5 – Published: 2026-03-13 21:10 – Updated: 2026-06-19 18:18
    VLAI
    Title
    M365 Copilot Information Disclosure Vulnerability
    Summary
    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Copilot for Android Affected: 1.0 , < 16.0.19815.10000 (custom)
    Create a notification for this product.
    Microsoft Microsoft 365 Copilot for iOS Affected: 1.0 , < 2.107.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for Android Affected: 1.0.0 , < 145.3800.99 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 145.3800.99 (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel for iOS Affected: 1.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft Loop for iOS Affected: 2.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft OneNote Affected: 1.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft OneNote for Android Affected: 16.0.1 , < 16.0.19725.20142 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: 1.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for iOS Affected: 1.0.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Mac Affected: 1.0.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerBI for Android Affected: 2.0.0 , < 2.2.260210.21290750 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerBI for iOS Affected: 1.0.0 , < 1.2.260302.2193910 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint for iOS Affected: 1.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2026043102 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 8.3.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for iOS Affected: 2.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Date Public
    2026-03-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:24:19.473896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:24:30.194Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft 365 Copilot for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19815.10000",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft 365 Copilot for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.107.2",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "145.3800.99",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "145.3800.99",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Excel for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Excel for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Loop for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft OneNote",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft OneNote for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20142",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerBI for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.2.260210.21290750",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerBI for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.2.260302.2193910",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2026043102",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.3.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:onenote_for_ios:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_copilot_iOS:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.107.2",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "145.3800.99",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "8.3.1",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2026043102",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:loop:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_copilot_Android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19815.10000",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:power_bi_android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.2.260210.21290750",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:power_bi_iOS:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.260302.2193910",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19725.20142",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "145.3800.99",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-03-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T18:18:11.619Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "M365 Copilot Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133"
            }
          ],
          "title": "M365 Copilot Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-26133",
        "datePublished": "2026-03-13T21:10:13.535Z",
        "dateReserved": "2026-02-11T16:24:51.133Z",
        "dateUpdated": "2026-06-19T18:18:11.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21535 (GCVE-0-2026-21535)

    Vulnerability from cvelistv5 – Published: 2026-02-19 22:06 – Updated: 2026-05-11 21:25 Exclusively Hosted Service
    VLAI
    Title
    Microsoft Teams Information Disclosure Vulnerability
    Summary
    Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Date Public
    2026-02-19 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21535",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:20:57.388093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:21:23.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "-"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "-",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-02-19T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T21:25:30.929Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535"
            }
          ],
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "Microsoft Teams Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-21535",
        "datePublished": "2026-02-19T22:06:20.817Z",
        "dateReserved": "2025-12-30T18:10:54.847Z",
        "dateUpdated": "2026-05-11T21:25:30.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53783 (GCVE-0-2025-53783)

    Vulnerability from cvelistv5 – Published: 2025-08-12 17:10 – Updated: 2026-02-13 18:54
    VLAI
    Title
    Microsoft Teams Remote Code Execution Vulnerability
    Summary
    Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1416/1.0.0.2025102802 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Desktop Affected: 1.0.0 , < 25122.1415.3698.6812 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 7.10.1 (100772025102901) (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Mac, New Edition Affected: 1.0.0.0 , < 25122.1207.3700.1444 (custom)
    Create a notification for this product.
    Microsoft Teams for D365 Guides HoloLens Affected: 907.0000 , < 907.2505.29001.0 (custom)
    Create a notification for this product.
    Microsoft Teams for D365 Remote Assist HoloLens Affected: 316.0000 , < 316.2505.28001 (custom)
    Create a notification for this product.
    Microsoft Teams Panel Affected: 1.0.97 , < 1449/1.0.97.2025102203 (custom)
    Create a notification for this product.
    Microsoft Teams Phone Affected: 1.0.94 , < 1449/1.0.94.2025168802 (custom)
    Create a notification for this product.
    Date Public
    2025-08-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T20:07:17.024025Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T20:07:30.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1416/1.0.0.2025102802",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Desktop",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25122.1415.3698.6812",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.10.1 (100772025102901)",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Mac, New Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25122.1207.3700.1444",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams for D365 Guides HoloLens",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "907.2505.29001.0",
                  "status": "affected",
                  "version": "907.0000",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams for D365 Remote Assist HoloLens",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "316.2505.28001",
                  "status": "affected",
                  "version": "316.0000",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams Panel",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1449/1.0.97.2025102203",
                  "status": "affected",
                  "version": "1.0.97",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Teams Phone",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1449/1.0.94.2025168802",
                  "status": "affected",
                  "version": "1.0.94",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "316.2505.28001",
                      "versionStartIncluding": "316.0000",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1449/1.0.97.2025102203",
                      "versionStartIncluding": "1.0.97",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1449/1.0.94.2025168802",
                      "versionStartIncluding": "1.0.94",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "907.2505.29001.0",
                      "versionStartIncluding": "907.0000",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1416/1.0.0.2025102802",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "7.10.1 (100772025102901)",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25122.1415.3698.6812",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
                      "versionEndExcluding": "25122.1207.3700.1444",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-08-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T18:54:55.321Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53783"
            }
          ],
          "title": "Microsoft Teams Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-53783",
        "datePublished": "2025-08-12T17:10:41.147Z",
        "dateReserved": "2025-07-09T13:25:25.502Z",
        "dateUpdated": "2026-02-13T18:54:55.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49737 (GCVE-0-2025-49737)

    Vulnerability from cvelistv5 – Published: 2025-07-08 16:58 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Microsoft Teams Elevation of Privilege Vulnerability
    Summary
    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Mac, New Edition Affected: 1.0.0.0 , < 25163.3001.3726.6503 (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-09T04:01:25.440186Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:06.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Mac, New Edition",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25163.3001.3726.6503",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:new:*:*:*",
                      "versionEndExcluding": "25163.3001.3726.6503",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Microsoft Teams allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:07:49.711Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49737"
            }
          ],
          "title": "Microsoft Teams Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-49737",
        "datePublished": "2025-07-08T16:58:14.537Z",
        "dateReserved": "2025-06-09T22:49:37.617Z",
        "dateUpdated": "2026-02-26T17:51:06.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-49731 (GCVE-0-2025-49731)

    Vulnerability from cvelistv5 – Published: 2025-07-08 16:57 – Updated: 2026-02-26 18:27
    VLAI
    Title
    Microsoft Teams Elevation of Privilege Vulnerability
    Summary
    Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2025112902 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Desktop Affected: 1.0.0 , < 25060212643 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 7.10.1 (100772025102901) (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-09T04:01:24.341864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:27:44.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2025112902",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Desktop",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "25060212643",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.10.1 (100772025102901)",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2025112902",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "7.10.1 (100772025102901)",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "25060212643",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-280",
                  "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:06:59.899Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49731"
            }
          ],
          "title": "Microsoft Teams Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-49731",
        "datePublished": "2025-07-08T16:57:24.562Z",
        "dateReserved": "2025-06-09T21:23:11.523Z",
        "dateUpdated": "2026-02-26T18:27:44.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-42004 (GCVE-0-2024-42004)

    Vulnerability from cvelistv5 – Published: 2024-12-18 22:40 – Updated: 2024-12-19 16:45
    VLAI
    Summary
    A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Teams (work or school) Affected: 24046.2812.2722.8193 for macOS
    Create a notification for this product.
    Credits
    Discovered by Francesco Benvenuto of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-18T23:03:11.197Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1973"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42004",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-19T16:45:31.270441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-19T16:45:56.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1973"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teams (work or school)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "24046.2812.2722.8193 for macOS"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Francesco Benvenuto of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T22:40:14.307Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1973",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1973"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2024-42004",
        "datePublished": "2024-12-18T22:40:14.307Z",
        "dateReserved": "2024-08-05T20:37:19.355Z",
        "dateUpdated": "2024-12-19T16:45:56.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41145 (GCVE-0-2024-41145)

    Vulnerability from cvelistv5 – Published: 2024-12-18 22:38 – Updated: 2024-12-28 00:51
    VLAI
    Summary
    A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Teams (work or school) Affected: 24046.2812.2722.8193 for macOS
    Create a notification for this product.
    Credits
    Discovered by Francesco Benvenuto of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-18T23:02:57.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1990"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41145",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:24:40.633247Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-28T00:51:29.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teams (work or school)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "24046.2812.2722.8193 for macOS"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Francesco Benvenuto of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T22:38:38.457Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1990",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1990"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2024-41145",
        "datePublished": "2024-12-18T22:38:38.457Z",
        "dateReserved": "2024-08-05T20:37:11.630Z",
        "dateUpdated": "2024-12-28T00:51:29.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41138 (GCVE-0-2024-41138)

    Vulnerability from cvelistv5 – Published: 2024-12-18 22:38 – Updated: 2024-12-20 17:24
    VLAI
    Summary
    A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Teams (work or school) Affected: 24046.2812.2722.8193 for macOS
    Create a notification for this product.
    Credits
    Discovered by Francesco Benvenuto of Cisco Talos.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-18T23:02:55.940Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1991"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T17:24:01.965612Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T17:24:19.729Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teams (work or school)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "24046.2812.2722.8193 for macOS"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Francesco Benvenuto of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T22:38:04.909Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1991",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1991"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2024-41138",
        "datePublished": "2024-12-18T22:38:04.909Z",
        "dateReserved": "2024-08-05T20:37:09.892Z",
        "dateUpdated": "2024-12-20T17:24:19.729Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-38197 (GCVE-0-2024-38197)

    Vulnerability from cvelistv5 – Published: 2024-08-13 17:29 – Updated: 2025-07-10 16:33
    VLAI
    Title
    Microsoft Teams for iOS Spoofing Vulnerability
    Summary
    Microsoft Teams for iOS Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 7.13.0 (custom)
    Create a notification for this product.
    Date Public
    2024-08-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38197",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:46:13.202876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-13T18:46:25.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.13.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "7.13.0",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Teams for iOS Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T16:33:05.824Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38197"
            }
          ],
          "title": "Microsoft Teams for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-38197",
        "datePublished": "2024-08-13T17:29:53.942Z",
        "dateReserved": "2024-06-11T22:36:08.217Z",
        "dateUpdated": "2025-07-10T16:33:05.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21448 (GCVE-0-2024-21448)

    Vulnerability from cvelistv5 – Published: 2024-03-12 16:58 – Updated: 2025-05-03 00:47
    VLAI
    Title
    Microsoft Teams for Android Information Disclosure Vulnerability
    Summary
    Microsoft Teams for Android Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2024022302 (custom)
    Create a notification for this product.
    Date Public
    2024-03-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:45:15.561069Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T19:35:19.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:20:40.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Teams for Android Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21448"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2024022302",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2024022302",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-03-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Teams for Android Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-03T00:47:03.108Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams for Android Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21448"
            }
          ],
          "title": "Microsoft Teams for Android Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-21448",
        "datePublished": "2024-03-12T16:58:06.424Z",
        "dateReserved": "2023-12-08T22:45:21.306Z",
        "dateUpdated": "2025-05-03T00:47:03.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21374 (GCVE-0-2024-21374)

    Vulnerability from cvelistv5 – Published: 2024-02-13 18:02 – Updated: 2025-05-03 01:37
    VLAI
    Title
    Microsoft Teams for Android Information Disclosure Vulnerability
    Summary
    Microsoft Teams for Android Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2024022302 (custom)
    Create a notification for this product.
    Date Public
    2024-02-13 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T13:47:11.828354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-13T13:47:44.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:20:40.658Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Teams for Android Information Disclosure",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21374"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2024022302",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2024022302",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Teams for Android Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-03T01:37:37.626Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Teams for Android Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21374"
            }
          ],
          "title": "Microsoft Teams for Android Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-21374",
        "datePublished": "2024-02-13T18:02:41.189Z",
        "dateReserved": "2023-12-08T22:45:20.450Z",
        "dateUpdated": "2025-05-03T01:37:37.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4863 (GCVE-0-2023-4863)

    Vulnerability from cvelistv5 – Published: 2023-09-12 14:24 – Updated: 2025-10-21 23:05
    VLAI CISA KEVIntel
    Summary
    Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Heap buffer overflow
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    URL Tags
    https://chromereleases.googleblog.com/2023/09/sta…
    https://crbug.com/1479274
    https://en.bandisoft.com/honeyview/history/
    https://stackdiary.com/critical-vulnerability-in-…
    https://www.mozilla.org/en-US/security/advisories…
    https://github.com/webmproject/libwebp/commit/902…
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://security-tracker.debian.org/tracker/CVE-2…
    https://bugzilla.suse.com/show_bug.cgi?id=1215231
    https://news.ycombinator.com/item?id=37478403
    https://www.bleepingcomputer.com/news/google/goog…
    https://www.debian.org/security/2023/dsa-5496
    https://www.debian.org/security/2023/dsa-5497
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    https://www.debian.org/security/2023/dsa-5498
    https://security.gentoo.org/glsa/202309-05
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    https://adamcaudill.com/2023/09/14/whose-cve-is-i…
    https://github.com/webmproject/libwebp/releases/t…
    https://lists.debian.org/debian-lts-announce/2023…
    https://lists.fedoraproject.org/archives/list/pac…
    http://www.openwall.com/lists/oss-security/2023/09/21/4
    https://blog.isosceles.com/the-webp-0day/
    http://www.openwall.com/lists/oss-security/2023/09/22/1
    http://www.openwall.com/lists/oss-security/2023/09/22/3
    http://www.openwall.com/lists/oss-security/2023/09/22/4
    http://www.openwall.com/lists/oss-security/2023/09/22/5
    http://www.openwall.com/lists/oss-security/2023/09/22/8
    http://www.openwall.com/lists/oss-security/2023/09/22/7
    http://www.openwall.com/lists/oss-security/2023/09/22/6
    http://www.openwall.com/lists/oss-security/2023/09/26/1
    http://www.openwall.com/lists/oss-security/2023/09/26/7
    http://www.openwall.com/lists/oss-security/2023/09/28/1
    http://www.openwall.com/lists/oss-security/2023/09/28/2
    http://www.openwall.com/lists/oss-security/2023/09/28/4
    https://security.netapp.com/advisory/ntap-2023092…
    https://lists.fedoraproject.org/archives/list/pac…
    https://sethmlarson.dev/security-developer-in-res…
    https://www.bentley.com/advisories/be-2023-0001/
    https://security.gentoo.org/glsa/202401-10
    https://www.vicarius.io/vsociety/posts/zero-day-w…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 116.0.5845.187 , < 116.0.5845.187 (custom)
    Create a notification for this product.
    Google libwebp Affected: 1.3.2 , < 1.3.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-19T07:48:10.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://crbug.com/1479274"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://en.bandisoft.com/honeyview/history/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37478403"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5496"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5497"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5498"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202309-05"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.isosceles.com/the-webp-0day/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/advisories/be-2023-0001/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-10"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4863",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-28T05:00:18.341149Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-09-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:38.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-09-13T00:00:00.000Z",
                "value": "CVE-2023-4863 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "116.0.5845.187",
                  "status": "affected",
                  "version": "116.0.5845.187",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "libwebp",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.3.2",
                  "status": "affected",
                  "version": "1.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Heap buffer overflow",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-07T11:07:27.027Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
            },
            {
              "url": "https://crbug.com/1479274"
            },
            {
              "url": "https://en.bandisoft.com/honeyview/history/"
            },
            {
              "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
            },
            {
              "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
            },
            {
              "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
            },
            {
              "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37478403"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5496"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5497"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5498"
            },
            {
              "url": "https://security.gentoo.org/glsa/202309-05"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
            },
            {
              "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
            },
            {
              "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
            },
            {
              "url": "https://blog.isosceles.com/the-webp-0day/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
            },
            {
              "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
            },
            {
              "url": "https://www.bentley.com/advisories/be-2023-0001/"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-10"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2023-4863",
        "datePublished": "2023-09-12T14:24:59.275Z",
        "dateReserved": "2023-09-09T01:02:58.312Z",
        "dateUpdated": "2025-10-21T23:05:38.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }