Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2026-41100

CVE-2026-41100

MEDIUM4.4

Microsoft 365 Copilot for Android Spoofing Vulnerability

Published May 12, 2026

Modified Yesterday

Details

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41100

https://www.cve.org/CVERecord?id=CVE-2026-41100

CVSS Analysis

CVSS v3.1

4.4

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

NoneA:N

4.4/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Weakness Type (CWE)

Configuration

Improper Access Control

Ecosystems

Timeline

PublishedMay 12, 2026

ModifiedMay 15, 2026

CVE-2026-41100 | Mondoo Vulnerability Intelligence