Medium severity6.2NVD Advisory· Published May 12, 2026· Updated May 14, 2026
CVE-2026-41614
CVE-2026-41614
Description
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41614nvdVendor Advisory
News mentions
14- Microsoft says some users can't install Office on Windows 365 devicesBleepingComputer · May 13, 2026
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE FlawsThe Hacker News · May 13, 2026
- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- It's Patch Tuesday for Microsoft & Not a Zero-Day In SightDark Reading · May 12, 2026
- Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilitiesCisco Talos Intelligence · May 12, 2026
- Microsoft May 2026 Patch Tuesday, (Tue, May 12th)SANS Internet Storm Center · May 12, 2026
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-daysBleepingComputer · May 12, 2026
- Exploits and vulnerabilities in Q1 2026Securelist · May 7, 2026
- ZDI-26-293: (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure VulnerabilityZero Day Initiative · Apr 21, 2026
- Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent VulnerabilitiesCisco Talos Intelligence · Apr 14, 2026
- Risky Business #832 -- Anthropic unveils magical 0day computer GodRisky Business · Apr 8, 2026
- Russia Hacked Routers to Steal Microsoft Office TokensKrebs on Security · Apr 7, 2026
- Microsoft Patch Tuesday, March 2026 EditionKrebs on Security · Mar 11, 2026
- May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEsCrowdStrike Blog