Teams
by Microsoft
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33823 | Cri | 0.62 | 9.6 | 0.01 | May 7, 2026 | Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. | ||
| CVE-2026-42835 | Hig | 0.53 | 8.1 | 0.01 | Jun 9, 2026 | Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network. | ||
| CVE-2020-17091 | Hig | 0.51 | 7.8 | 0.02 | Nov 11, 2020 | Microsoft Teams Remote Code Execution Vulnerability | ||
| CVE-2026-26133 | Hig | 0.46 | 7.1 | 0.00 | Mar 16, 2026 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-32185 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | ||
| CVE-2021-24114 | 0.02 | — | 0.03 | Feb 25, 2021 | Microsoft Teams iOS Information Disclosure Vulnerability | |||
| CVE-2018-8529 | 0.02 | — | 0.13 | Nov 15, 2018 | A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team. | |||
| CVE-2022-21965 | 0.01 | — | 0.03 | Feb 9, 2022 | Microsoft Teams Denial of Service Vulnerability | |||
| CVE-2019-0647 | 0.01 | — | 0.05 | Jan 17, 2019 | An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team. | |||
| CVE-2026-21535 | 0.00 | — | 0.01 | Feb 19, 2026 | Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-53783 | 0.00 | — | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-49737 | 0.00 | — | 0.00 | Jul 8, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49731 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2024-42004 | 0.00 | — | 0.01 | Dec 18, 2024 | A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program… | |||
| CVE-2024-41145 | 0.00 | — | 0.01 | Dec 18, 2024 | A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a… | |||
| CVE-2024-41138 | 0.00 | — | 0.01 | Dec 18, 2024 | A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious… | |||
| CVE-2023-29330 | 0.00 | — | 0.02 | Aug 8, 2023 | Microsoft Teams Remote Code Execution Vulnerability | |||
| CVE-2023-29328 | 0.00 | — | 0.02 | Aug 8, 2023 | Microsoft Teams Remote Code Execution Vulnerability | |||
| CVE-2023-24881 | 0.00 | — | 0.01 | Jul 11, 2023 | Microsoft Teams Information Disclosure Vulnerability | |||
| CVE-2020-10146 | 0.00 | — | 0.02 | Dec 9, 2020 | The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This… |
- risk 0.62cvss 9.6epss 0.01
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
- risk 0.53cvss 8.1epss 0.01
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
- risk 0.51cvss 7.8epss 0.02
Microsoft Teams Remote Code Execution Vulnerability
- risk 0.46cvss 7.1epss 0.00
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- risk 0.36cvss 5.5epss 0.00
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
- CVE-2021-24114Feb 25, 2021risk 0.02cvss —epss 0.03
Microsoft Teams iOS Information Disclosure Vulnerability
- CVE-2018-8529Nov 15, 2018risk 0.02cvss —epss 0.13
A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.
- CVE-2022-21965Feb 9, 2022risk 0.01cvss —epss 0.03
Microsoft Teams Denial of Service Vulnerability
- CVE-2019-0647Jan 17, 2019risk 0.01cvss —epss 0.05
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
- CVE-2026-21535Feb 19, 2026risk 0.00cvss —epss 0.01
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
- CVE-2025-53783Aug 12, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
- CVE-2025-49737Jul 8, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
- CVE-2025-49731Jul 8, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
- CVE-2024-42004Dec 18, 2024risk 0.00cvss —epss 0.01
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program…
- CVE-2024-41145Dec 18, 2024risk 0.00cvss —epss 0.01
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a…
- CVE-2024-41138Dec 18, 2024risk 0.00cvss —epss 0.01
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious…
- CVE-2023-29330Aug 8, 2023risk 0.00cvss —epss 0.02
Microsoft Teams Remote Code Execution Vulnerability
- CVE-2023-29328Aug 8, 2023risk 0.00cvss —epss 0.02
Microsoft Teams Remote Code Execution Vulnerability
- CVE-2023-24881Jul 11, 2023risk 0.00cvss —epss 0.01
Microsoft Teams Information Disclosure Vulnerability
- CVE-2020-10146Dec 9, 2020risk 0.00cvss —epss 0.02
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This…
Page 1 of 2