Description
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
Published: 2026-05-12
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Files or directories that are accessible to external parties in Microsoft Teams can be exploited by an unauthorized attacker to forge identities locally, thereby impersonating other users or organizations. The weakness arises from excessive exposure of file or directory contents, classified as CWE‑552, enabling attackers to create deceptive contexts. This compromise affects the confidentiality of user identities but does not necessarily allow code execution or service disruption.

Affected Systems

Microsoft Teams for Android is affected. No specific version numbers are listed in the CNA data, so any installation may be vulnerable until a patch is released.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.5, indicating moderate severity. EPSS is not available, and the flaw is not listed in CISA's KEV catalog, suggesting limited public exploitation as of now. The likely attack vector is local, requiring unauthorized access to the device running Teams, so the risk is primarily to users who may be impersonated by attackers with local privileges.

Generated by OpenCVE AI on May 12, 2026 at 18:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Microsoft Teams updates that address file and directory exposure as they are released.
  • Restrict local file and directory access permissions on devices running Teams to limit unauthorized users.
  • Review and tighten Teams app data and file‑sharing settings to disable unnecessary sharing with external parties.

Generated by OpenCVE AI on May 12, 2026 at 18:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
Title Microsoft Teams Spoofing Vulnerability
First Time appeared Microsoft
Microsoft teams
Weaknesses CWE-552
CPEs cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*
Vendors & Products Microsoft
Microsoft teams
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Teams
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-13T03:57:33.150Z

Reserved: 2026-03-11T00:26:53.426Z

Link: CVE-2026-32185

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T18:16:59.430

Modified: 2026-05-12T18:16:59.430

Link: CVE-2026-32185

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T19:45:15Z

Weaknesses