CVE-2026-41614

🔶 medium

🔍 Scan for this CVE

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

CVSS Score

6.2

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-12

First Seen: 2026-05-17

This CVE is Lower Risk - more severe than 39.3% of all 326,604 vulnerabilities in our database.

#198,314

Below average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-05-14

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE IDs (Weakness Types)

CWE-284

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
microsoft	365_copilot	Affected	< 19.2604.43111.0

Vendor Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-41090	⛔ critical	9.3	0.1	Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unaut...	2026-05-22
CVE-2026-42827	🔶 medium	6.5	0.1	Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthoriz...	2026-05-22
CVE-2026-41100	🔶 medium	4.4	0.0	Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.	2026-05-12
CVE-2026-42831	⚠️ high	7.8	0.1	Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.	2026-05-12
CVE-2026-40363	⚠️ high	8.4	0.1	Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.	2026-05-12
CVE-2026-24299	🔶 medium	5.3	0.0	Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthoriz...	2026-03-19

These CVEs affect the same products