Spoofing Vulnerability in Microsoft Teams by Microsoft
CVE-2026-32185

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Teams For Android
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-32185?

A flaw in Microsoft Teams exposes files and directories to external access, enabling unauthorized attackers to perform local spoofing attacks. This vulnerability poses a significant risk as it allows malicious users to impersonate legitimate users within the Teams environment, potentially compromising sensitive information. Organizations using Microsoft Teams should assess their configurations and apply the necessary patches to mitigate this risk.

Affected Version(s)

Microsoft Teams for Android 1.0.0 < 1.0.0.2026092402

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 11, 2026

CVE-2026-32185 Data

JSON