CVE-2026-32185: Microsoft Teams Spoofing Vulnerability
Overview
- Severity
- Medium (CVSS 5.5)
- CVSS Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
- Category
- Spoofing
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2026-May
- Released
- 2026-05-12
- Last Updated
- 2026-05-21
- EPSS Score
- 0.47% (percentile: 37.0%)
Description
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
FAQ
Are the updates for Microsoft Teams for Android currently available?
Yes. As of May 21, 2026, the security update for Microsoft Teams for Android is available. Customers running Microsoft Teams for Android should ensure the update is installed to be protected from this vulnerability.
Affected Products (1)
Microsoft Office
- Microsoft Teams for Android
Security Updates (1)
Acknowledgments
Ofek Levin Enclave with <a href="https://enclave.ai/">Enclave</a>
Revision History
- 2026-05-12: Information published.
- 2026-05-18: The security update for Microsoft Teams for Android is not immediately available. Customers running affected Microsoft Teams for would need to install the update to be protected from this vulnerability, once the update becomes available.
- 2026-05-21: Microsoft is announcing the availability of the security update for Microsoft Teams for Android. Customers running affected Microsoft Teams for Android should install the update for their product to be protected from this vulnerability.