VDB

CVE-2026-42835

CVE-2026-42835 PUBLISHED CVSS 8.1 HIGH

Reported by microsoft · Published June 9, 2026

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.

Risk Scores

CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
MicrosoftMicrosoft Teams for Android1.0.0
MicrosoftMicrosoft Teams for Android1.0.0, 1.0.0, 1.0.0
microsoftteams1.0.0, 1.0.0, 1.0.0

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jun 10, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›