Microsoft disclosed CVE-2026-42835, an Important-severity information disclosure vulnerability in Microsoft Teams for Android that could allow a remote, authenticated low-privileged attacker to access small portions of heap memory without user interaction. The flaw, classified as CWE-74 for improper neutralization of special elements in output used by a downstream component, carries a CVSS 3.1 score of 8.1 and may expose sensitive runtime data including authentication tokens, session information, or cached credentials.
Microsoft said the vulnerability was responsibly reported by Ofek Levin of Enclave through its coordinated disclosure program and has released a security update through the Google Play Store. The company stated that exploitation is considered less likely and that it had seen no public disclosure or evidence of active exploitation at the time of publication, but organizations using Teams for sensitive internal communications were urged to update affected Android clients promptly.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft disclosed that CVE-2026-42835 is a CWE-74 injection issue in Teams for Android that could let an authenticated low-privileged attacker remotely disclose small portions of heap memory without user interaction. Microsoft rated the flaw CVSS 8.1, assessed exploitation as less likely, and said no public disclosure or active exploitation had been observed at the time of reporting.
Microsoft said the Teams for Android information disclosure flaw CVE-2026-42835 was responsibly disclosed by Ofek Levin of Enclave through Microsoft's coordinated vulnerability disclosure program.
On 2026-06-09, Microsoft released an Important-severity security update for Microsoft Teams for Android addressing CVE-2026-42835. The update was made available through the Google Play Store.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.