threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft teams
Product
microsoft teams
22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-32185
< 1.0.0.2026092103
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally
5.5
MEDIUM
CVE-2026-33823
all versions
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
9.6
CRITICAL
CVE-2026-26133
< 1.0.0.2026043102
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
7.1
HIGH
CVE-2026-21535
all versions
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
8.2
HIGH
CVE-2025-53783
< 1.0.0.2025102802
Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
7.5
HIGH
CVE-2025-49737
< 25163.3001.3726.6503
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorize
7.0
HIGH
CVE-2025-49731
< 1.0.0.2025112902
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges
3.1
LOW
CVE-2024-42004
all versions
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted l
7.1
HIGH
CVE-2024-41145
all versions
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 fo
7.1
HIGH
CVE-2024-41138
all versions
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school)
7.1
HIGH
CVE-2024-38197
<= 6.19.2
Microsoft Teams for iOS Spoofing Vulnerability
6.5
MEDIUM
CVE-2024-21448
< 1.0.0.2024022302
Microsoft Teams for Android Information Disclosure Vulnerability
5.0
MEDIUM
CVE-2024-21374
< 1.0.0.2024022302
Microsoft Teams for Android Information Disclosure Vulnerability
5.0
MEDIUM
CVE-2023-4863
< 1.6.00.26463
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an
8.8
HIGH
CVE-2023-29330
< 1.6.00.18681
Microsoft Teams Remote Code Execution Vulnerability
8.8
HIGH
CVE-2023-29328
< 1.6.00.18681
Microsoft Teams Remote Code Execution Vulnerability
8.8
HIGH
CVE-2023-24881
< 2.10.1
Microsoft Teams Information Disclosure Vulnerability
6.5
MEDIUM
CVE-2022-21965
< 1.0.94.20000
Microsoft Teams Denial of Service Vulnerability
7.5
HIGH
CVE-2021-24114
all versions
Microsoft Teams iOS Information Disclosure Vulnerability
5.7
MEDIUM
CVE-2020-10146
< 2020-10-29
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be e
5.7
MEDIUM
CVE-2020-17091
all versions
Microsoft Teams Remote Code Execution Vulnerability
7.8
HIGH
CVE-2019-5922
all versions
Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse D
7.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin