Medium severity4.4NVD Advisory· Published May 12, 2026· Updated May 16, 2026
CVE-2026-41100
CVE-2026-41100
Description
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41100nvdVendor Advisory
News mentions
2- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-daysBleepingComputer · May 12, 2026