CVE-2026-21535

Severity

7.5HIGH

EPSS

0.1%

top 75.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedFeb 19

Latest updateFeb 20

Description

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.2

GHSA

GHSA-rx38-cw65-cmwp: Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network↗2026-02-20

▶

CVEList

Microsoft Teams Information Disclosure Vulnerability↗2026-02-19

▶

Microsoft

Microsoft Teams Information Disclosure Vulnerability↗2026-02-10

▶