Microsoft Outlook vulnerabilities
105 known vulnerabilities affecting microsoft/outlook.
Total CVEs: 105
CISA KEV: 5 (actively exploited)
Public exploits: 16
Exploited in wild: 4
Severity breakdown
CRITICAL 11 | HIGH 51 | MEDIUM 43
Vulnerabilities
Page 1 of 6
CVE-2026-26133 | HIGH | CVSS 7.1 | fixed in 5.2605.0 | 2026-03-16
CVE-2026-26133 [HIGH] CWE-77
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2026-21260 | HIGH | CVSS 7.5 | v2016 | 2026-02-10
CVE-2026-21260 [HIGH] CWE-200
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-49699 | HIGH | CVSS 7.0 | v2016 | 2025-07-08
CVE-2025-49699 [HIGH] CWE-416
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-47171 | MEDIUM | CVSS 6.7 | PoC | v2016 | 2025-06-10
CVE-2025-47171 [MEDIUM] CWE-20
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
nvd
CVE-2025-29805 | HIGH | CVSS 7.5 | fixed in 4.2509.0 | 2025-04-08
CVE-2025-29805 [HIGH] CWE-200
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2025-21361 | HIGH | CVSS 7.8 | fixed in 16.93 | 2025-01-14
CVE-2025-21361 [HIGH] CWE-641
Microsoft Outlook Remote Code Execution Vulnerability
nvd
CVE-2025-21357 | MEDIUM | CVSS 6.7 | v2016 | 2025-01-14
CVE-2025-21357 [MEDIUM] CWE-908
Microsoft Outlook Remote Code Execution Vulnerability
nvd
CVE-2024-42220 | CRITICAL | CVSS 9.1 | v16.83.3 | v16.83.3 for macOS | 2024-12-18
CVE-2024-42220 [HIGH] CWE-347
A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
cvelistv5, nvd
CVE-2024-43604 | HIGH | CVSS 8.0 | v2016 | 2024-10-08
CVE-2024-43604 [MEDIUM] CWE-1220
Outlook for Android Elevation of Privilege Vulnerability
nvd
CVE-2024-43482 | MEDIUM | CVSS 6.5 | fixed in 4.2435.0 | 2024-09-10
CVE-2024-43482 [MEDIUM] CWE-285
Microsoft Outlook for iOS Information Disclosure Vulnerability
nvd
CVE-2024-38173 | MEDIUM | CVSS 6.7 | v2016 | 2024-08-13
CVE-2024-38173 [MEDIUM] CWE-73
Microsoft Outlook Remote Code Execution Vulnerability
nvd
CVE-2024-30103 | HIGH | CVSS 8.8 | v2016 | 2024-06-11
CVE-2024-30103 [HIGH] CWE-184
Microsoft Outlook Remote Code Execution Vulnerability
nvd
CVE-2024-26204 | HIGH | CVSS 7.5 | fixed in 4.2404.0 | 2024-03-12
CVE-2024-26204 [HIGH] CWE-77
Outlook for Android Information Disclosure Vulnerability
nvd
CVE-2024-21378 | HIGH | CVSS 8.8 | v2016 | 2024-02-13
CVE-2024-21378 [HIGH] CWE-94
Microsoft Outlook Remote Code Execution Vulnerability
nvd
CVE-2023-36763 | HIGH | CVSS 7.5 | v2016 | 2023-09-12
CVE-2023-36763 [HIGH] CWE-200
Microsoft Outlook Information Disclosure Vulnerability
nvd
CVE-2023-35311 | HIGH | CVSS 7.5 | KEV | v2013 | v2016 | 2023-07-11
CVE-2023-35311 [HIGH] CWE-367
Microsoft Outlook Security Feature Bypass Vulnerability
nvd
CVE-2023-33131 | HIGH | CVSS 8.8 | PoC | v2013 | v2016 | 2023-06-14
CVE-2023-33131 [HIGH] CWE-94
Microsoft Outlook Remote Code Execution Vulnerability
nvd
CVE-2023-23397 | CRITICAL | CVSS 9.8 | KEV | v2013 | v2016 | 2023-03-14
CVE-2023-23397 [CRITICAL] CWE-20
Microsoft Outlook Elevation of Privilege Vulnerability
nvd
CVE-2021-31949 | HIGH | CVSS 7.8 | v2013 | v2016 | 2021-06-08
CVE-2021-31949 [HIGH] CWE-94
Microsoft Outlook Remote Code Execution Vulnerability
nvd
CVE-2021-31941 | HIGH | CVSS 7.8 | v2013 | 2021-06-08
CVE-2021-31941 [HIGH]
Microsoft Office Graphics Remote Code Execution Vulnerability
nvd