本ページは microsoft teams に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-42835 | Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network. | [email protected] | 8.1 | 1.09% | 2026-06-09 | 2026-06-12 |
| CVE-2026-32185 | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | [email protected] | 5.5 | 0.49% | 2026-05-12 | 2026-05-18 |
| CVE-2026-33823 | Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. | [email protected] | 9.6 | 0.72% | 2026-05-07 | 2026-05-08 |
| CVE-2026-26133 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | [email protected] | 7.1 | 0.43% | 2026-03-16 | 2026-04-09 |
| CVE-2026-21535 | Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. | [email protected] | 8.2 | 0.59% | 2026-02-19 | 2026-02-20 |
| CVE-2025-53783 | Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | [email protected] | 7.5 | 0.76% | 2025-08-12 | 2025-09-03 |
| CVE-2025-49737 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally. | [email protected] | 7.0 | 0.18% | 2025-07-08 | 2026-02-13 |
| CVE-2025-49731 | Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. | [email protected] | 3.1 | 0.37% | 2025-07-08 | 2026-02-13 |
| CVE-2024-42004 | A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | [email protected] | 7.1 | 0.78% | 2024-12-18 | 2025-08-26 |
| CVE-2024-41145 | A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | [email protected] | 7.1 | 0.77% | 2024-12-18 | 2025-08-26 |
| CVE-2024-41138 | A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | [email protected] | 7.1 | 0.87% | 2024-12-18 | 2025-08-26 |
| CVE-2024-38197 | Microsoft Teams for iOS Spoofing Vulnerability | [email protected] | 6.5 | 15.89% | 2024-08-13 | 2024-10-22 |
| CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | [email protected] | 5.0 | 1.24% | 2024-03-12 | 2024-12-05 |
| CVE-2024-21374 | Microsoft Teams for Android Information Disclosure Vulnerability | [email protected] | 5.0 | 0.97% | 2024-02-13 | 2024-11-21 |
| CVE-2023-4863 KEV | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | [email protected] | 8.8 | 99.74% | 2023-09-12 | 2025-10-24 |
| CVE-2023-29330 | Microsoft Teams Remote Code Execution Vulnerability | [email protected] | 8.8 | 2.10% | 2023-08-08 | 2024-11-21 |
| CVE-2023-29328 | Microsoft Teams Remote Code Execution Vulnerability | [email protected] | 8.8 | 2.04% | 2023-08-08 | 2024-11-21 |
| CVE-2023-24881 | Microsoft Teams Information Disclosure Vulnerability | [email protected] | 6.5 | 1.50% | 2023-07-11 | 2024-11-21 |
| CVE-2022-21965 | Microsoft Teams Denial of Service Vulnerability | [email protected] | 7.5 | 2.76% | 2022-02-09 | 2025-01-02 |
| CVE-2021-24114 | Microsoft Teams iOS Information Disclosure Vulnerability | [email protected] | 5.7 | 2.84% | 2021-02-25 | 2024-11-21 |