Home
MEDIUM: 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 1.0 (custom) before 16.0.19822.20190
affected
16.0.0.0 (custom) before 16.0.19822.20190
affected
1.0.0 (custom) before 16.0.19822.20190
affected
16.0.1 (custom) before 16.0.19822.20190
affected
16.0.0.0 (custom) before 16.0.19822.20190
affected
16.0.0.0 (custom) before 16.0.19822.20190
affected
Description
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Problem types
CWE-284: Improper Access Control
Product status
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41100 (Microsoft 365 Copilot for Android Spoofing Vulnerability)