CVE Catalog
CVE-2026-42835
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk0.18%
39th percentile - higher than 39% of all known CVEs
Summary
Microsoft Teams for Android has improper neutralization of special elements in output, allowing an authorized attacker to disclose information over a network.
Risk Assessment
An attacker could exploit this vulnerability to disclose sensitive information over the network, posing a risk to the organization's data security.
Recommendation
It is recommended to update Microsoft Teams to the latest version and monitor application access for potential attack attempts.
Original NVD description (English source)
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.

