Primary

Context

Microsoft M365 Copilot for Desktop Improper Access Control Vulnerability Allowing Local Spoofing

Vulnerability

A vulnerability exists in Microsoft 365 Copilot for Desktop due to improper access control, enabling an unauthorized attacker to perform spoofing locally. This issue affects all versions of the application.

Impact

Exploitation of this vulnerability could lead to unauthorized spoofing actions being performed locally within the application.

Remediation

Users are advised to download the security update for Microsoft 365 Copilot for Desktop, available through the Microsoft Store.

Added: May 12, 2026, 7:14 PM

Updated: May 12, 2026, 7:14 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft M365 Copilot for Desktop Improper Access Control Vulnerability Allowing Local Spoofing

Vulnerability

Impact

Remediation

Affected Products

Microsoft M365 Copilot

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating