CVEFinder.io

CVE-2026-42835

⚠ī¸ high
🔍 Scan for this CVE
Summary

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.

CVSS Score
8.1
High
EPSS Score
0.2
Exploit Probability
Published Date
2026-06-09
First Seen: 2026-06-10
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 77.5% of all 327,350 vulnerabilities in our database.

#73,634
Top 25% most severe
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Jun 10, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-06-12
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE IDs (Weakness Types)
CWE-74

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
microsoft teams Affected
< 1.0.76.2026111302

🔗 References 1

https://msrc.microsoft.com/update-guide/vulnerabilit...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-32185 đŸ”ļ medium 5.5 0.1 Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofi... 2026-05-12
CVE-2026-33823 ⛔ critical 9.6 0.1 Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. 2026-05-07
CVE-2026-26133 ⚠ī¸ high 7.1 0.1 AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. 2026-03-16
CVE-2026-21535 ⚠ī¸ high 8.2 0.1 Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. 2026-02-19
CVE-2025-53783 ⚠ī¸ high 7.5 0.1 Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. 2025-08-12
CVE-2025-49731 ℹī¸ low 3.1 0.0 Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate ... 2025-07-08
These CVEs affect the same products