High severity7.1NVD Advisory· Published May 12, 2026· Updated May 16, 2026
CVE-2026-41102
CVE-2026-41102
Description
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
Affected products
2cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*+ 1 more
- cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*range: <16.0.19822.20190
- (no CPE)
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41102nvdVendor Advisory
News mentions
4- Coding Gaffe Exposes Microsoft 365 Accounts to Widespread TakeoverDark Reading · Jun 3, 2026
- Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug FlagThe Hacker News · Jun 3, 2026
- Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android UsersCyber Security News · Jun 3, 2026
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-daysBleepingComputer · May 12, 2026