Microsoft Teams vulnerabilities

14 known vulnerabilities affecting microsoft/teams.

Total CVEs: 14
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 6, MEDIUM 4, LOW 1

Vulnerabilities

CVE-2026-26133 | HIGH | CVSS 7.1 | fixed in 1.0.0.2026043102 | fixed in 8.3.1 | 2026-03-16
CVE-2026-26133 [HIGH] CWE-77: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Source: nvd
CVE-2025-53783 | HIGH | CVSS 7.5 | fixed in 1.0.0.2025102802 | fixed in 7.10.1 | +2 more | 2025-08-12
CVE-2025-53783 [HIGH] CWE-122: Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
Source: nvd
CVE-2025-49737 | HIGH | CVSS 7.0 | fixed in 25163.3001.3726.6503 | 2025-07-08
CVE-2025-49737 [HIGH] CWE-362: Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.
Source: nvd
CVE-2025-49731 | LOW | CVSS 3.1 | fixed in 1.0.0.2025112902 | fixed in 7.10.1 | 2025-07-08
CVE-2025-49731 [LOW] CWE-280: Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
Source: nvd
CVE-2024-41145 | CRITICAL | CVSS 9.8 | v24046.2813.2770.1094 | 2024-12-18
CVE-2024-41145 [HIGH] CWE-347: A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make u
Source: nvd
CVE-2024-42004 | CRITICAL | CVSS 9.8 | v24046.2813.2770.1094 | 2024-12-18
CVE-2024-42004 [HIGH] CWE-347: A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable applicati
Source: nvd
CVE-2024-41138 | CRITICAL | CVSS 9.8 | v24046.2813.2770.1094 | 2024-12-18
CVE-2024-41138 [HIGH] CWE-347: A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulne
Source: nvd
CVE-2024-21448 | MEDIUM | CVSS 5.0 | fixed in 1.0.0.2024022302 | 2024-03-12
CVE-2024-21448 [MEDIUM] CWE-20: Microsoft Teams for Android Information Disclosure Vulnerability
Source: nvd
CVE-2024-21374 | MEDIUM | CVSS 5.0 | fixed in 1.0.0.2024022302 | 2024-02-13
CVE-2024-21374 [MEDIUM] CWE-20: Microsoft Teams for Android Information Disclosure Vulnerability
Source: nvd
CVE-2023-4863 | HIGH | CVSS 8.8 | KEV | fixed in 1.6.00.26463 | fixed in 1.6.00.26474 | 2023-09-12
CVE-2023-4863 [HIGH] CWE-787: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Source: nvd
CVE-2023-29328 | HIGH | CVSS 8.8 | fixed in 1.0.0.2023070204 | fixed in 1.6.00.17554 | +2 more | 2023-08-08
CVE-2023-29328 [HIGH] CWE-416: Microsoft Teams Remote Code Execution Vulnerability
Source: nvd
CVE-2023-29330 | HIGH | CVSS 8.8 | fixed in 1.0.0.2023070204 | fixed in 1.6.00.17554 | +2 more | 2023-08-08
CVE-2023-29330 [HIGH] CWE-416: Microsoft Teams Remote Code Execution Vulnerability
Source: nvd
CVE-2023-24881 | MEDIUM | CVSS 6.5 | fixed in 2.10.1 | 2023-07-11
CVE-2023-24881 [MEDIUM] CWE-200: Microsoft Teams Information Disclosure Vulnerability
Source: nvd
CVE-2020-10146 | MEDIUM | CVSS 5.4 | fixed in 2020-10-29 | ≥ unspecified, < on or about October 2020 | 2020-12-09
CVE-2020-10146 [MEDIUM] CWE-79: The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around Octobe
Sources: cvelistv5, nvd