CVE Field Guide
About Us
CVE-2026-41100
PUBLISHED
Microsoft 365 Copilot for Android Spoofing Vulnerability
Assigner:
microsoft
Reserved:
16.04.2026
Published:
12.05.2026
Updated:
12.05.2026
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
CVSS Score:
4.4
CVSS score
4.4
Attack Vector
Local
Scope
Unchanged
Attack Complexity
Low
Confidentiality Impact
Low
Privileges Required
Low
Integrity Impact
Low
User Interaction
None
Availability Impact
None
CVSS 3.1
Product Status
Vendor
Microsoft
Product
Microsoft 365 Copilot for Android
Versions
affected from 1.0 to 16.0.19822.20190 (excl.)
References
Microsoft 365 Copilot for Android Spoofing Vulnerability
Problem Types