CVE-2026-32185

🔶 medium

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

CVSS Score

5.5

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2026-05-12

First Seen: 2026-05-19

This CVE is Lower Risk - more severe than 32.6% of all 326,604 vulnerabilities in our database.

#220,252

Below average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2026-05-18

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE IDs (Weakness Types)

CWE-552

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
microsoft	teams	Affected	< 1.0.0.2026092103

Vendor Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-33823	⛔ critical	9.6	0.1	Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.	2026-05-07
CVE-2026-26133	⚠️ high	7.1	0.1	AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.	2026-03-16
CVE-2026-21535	⚠️ high	8.2	0.1	Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.	2026-02-19
CVE-2025-53783	⚠️ high	7.5	0.1	Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.	2025-08-12
CVE-2025-49731	ℹ️ low	3.1	0.0	Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate ...	2025-07-08
CVE-2025-49737	⚠️ high	7.0	0.0	Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an...	2025-07-08

These CVEs affect the same products