Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Microsoft OneNote for Android

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-41100
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 12.47%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-09 Jun, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft 365 Copilot for Android Spoofing Vulnerability

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilotMicrosoft 365 Copilot for AndroidMicrosoft Excel for AndroidMicrosoft OneNote for AndroidMicrosoft Word for AndroidMicrosoft Loop for AndroidMicrosoft PowerPoint for Android
CWE ID-CWE-284
Improper Access Control
CVE-2026-26133
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 17.20%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 21:10
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M365 Copilot Information Disclosure Vulnerability

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_copilotpower_biexcelloopteamswordpowerpointedgeoutlookonenoteMicrosoft Outlook for iOSMicrosoft Edge for iOSMicrosoft OneNoteMicrosoft 365 Copilot for AndroidMicrosoft Outlook for MacMicrosoft Word for AndroidMicrosoft OneNote for AndroidMicrosoft PowerBI for AndroidMicrosoft Teams for iOSMicrosoft 365 Copilot for iOSMicrosoft Outlook for AndroidMicrosoft PowerBI for iOSMicrosoft Excel for AndroidMicrosoft Loop for iOSMicrosoft PowerPoint for AndroidMicrosoft PowerPoint for iOSMicrosoft Edge for AndroidMicrosoft Teams for AndroidMicrosoft Excel for iOSMicrosoft Word for iOS
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-21721
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.12% / 90.97%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:32
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OneNote Elevation of Privilege Vulnerability

Microsoft OneNote Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-onenoteMicrosoft OneNote for Android
CWE ID-CWE-287
Improper Authentication