Microsoft Teams Vulnerability Allows Hackers to Perform Spoofing Attacks - CyberSecurityNews

HomeCyber Security News Microsoft Teams Vulnerability Allows Hackers to Perform Spoofing Attacks By Guru Baran May 13, 2026 A newly disclosed security vulnerability in Microsoft Teams could allow attackers to spoof local devices, raising concerns for enterprises and individual users who rely on the platform for daily communications. Microsoft disclosed CVE-2026-32185 on May 12, 2026, as part of its coordinated May 2026 Patch Tuesday Vulnerability disclosure process. The flaw exposes a critical weakness in how Microsoft Teams handles file and directory access, potentially allowing an attacker to manipulate or impersonate trusted elements within the application. At its core, the vulnerability stems from files or directories in Microsoft Teams being accessible to external parties. This misconfiguration enables an unauthorized local attacker to perform spoofing attacks, allowing them to deceive users into trusting malicious content or communications that appear legitimate. While the attack requires user interaction and is limited to a local attack vector, its potential impact on data confidentiality is rated High, making it a serious concern for sensitive enterprise environments. The flaw carries a CVSS 3.1 base score of 5.5, with an adjusted environmental score of 4.8, and has been rated Important in severity by Microsoft. Notably, no privileges are required to exploit the vulnerability, lowering the barrier for a motivated attacker operating in a shared or compromised local environment. As of the publication date, the vulnerability has not been publicly disclosed or actively exploited in the wild. Microsoft’s exploitability assessment categorizes it as “Exploitation Less Likely,” and no proof-of-concept exploit code has been confirmed. The remediation level is marked as Official Fix, meaning a patch is already available. The vulnerability specifically affects Microsoft Teams for Android, with the patched build number listed as 1.0.0.2026092103. Users are required to take action to apply the update available through the Google Play Store. Patch and Mitigation Microsoft has released a security update for Microsoft Teams for Android via the Google Play Store. Users and administrators are strongly encouraged to update to the latest build immediately to mitigate exposure. Security researcher Ofek Levin from Enclave is credited with responsibly disclosing the vulnerability to Microsoft through coordinated disclosure. Organizations running Microsoft Teams in regulated or high-security environments should prioritize this patch, particularly on mobile endpoints where Teams is deployed for business communication. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules TeamPCP and BreachForums Hackers Running $1,000 Contest for Supply Chain Attacks Hackers Deploy Modular RAT With Credential Theft and Screenshot Capture Capabilities Critical SandboxJS Escape Vulnerability Enables Host Takeover ODINI Malware Uses CPU Magnetic Emissions to Breach Faraday-Shielded Air-Gapped Computers Latest News Cyber Security News Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets Cyber Security News Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network Cyber Security News New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass Cyber Attack News node-ipc npm Package with 822K Weekly Downloads Compromised in Supply Chain Attack Cyber Security News Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security