Medium severity 4.4 · NVD Advisory · Published May 12, 2026 · Updated May 16, 2026
CVE-2026-41100
Description
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
References
- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41100 (NVD: Vendor Advisory)
News mentions
- Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover · Dark Reading · Jun 3, 2026
- Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag · The Hacker News · Jun 3, 2026
- Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users · Cyber Security News · Jun 3, 2026
- Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk · SecurityWeek · Jun 2, 2026
- Patch Tuesday - May 2026 · Rapid7 Blog · May 13, 2026
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days · BleepingComputer · May 12, 2026