CVE-2026-41614: M365 Copilot for Desktop Spoofing Vulnerability

Overview

Severity

Medium (CVSS 6.2)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2026-May

Released

2026-05-12

Description

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

Affected Products (1)

Apps

• M365 Copilot for Desktop

Security Updates (1)

• Release Notes

Acknowledgments

Artem Shymshyrian (Xtytia0922 - V-Spot)

Revision History

• 2026-05-12: Information published.