CVE Catalog

CVE-2026-42835

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

39th percentile - higher than 39% of all known CVEs

Summary

Microsoft Teams for Android has improper neutralization of special elements in output, allowing an authorized attacker to disclose information over a network.

Risk Assessment

An attacker could exploit this vulnerability to disclose sensitive information over the network, posing a risk to the organization's data security.

Recommendation

It is recommended to update Microsoft Teams to the latest version and monitor application access for potential attack attempts.

Original NVD description (English source)

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS