{"data":{"id":"1ac850cf-0acd-4c53-ae13-ebf2b18674c0","title":"CVE-2026-41100: Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.","summary":"CVE-2026-41100 is a vulnerability in Microsoft 365 Copilot where improper access control (weak rules that don't properly check who should be allowed to do something) allows an authorized attacker to perform spoofing (impersonating someone or something else) on a local system. The vulnerability has a CVSS 4.0 severity rating (a moderate security concern on a 0-10 scale).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41100","publishedAt":"2026-05-12T18:17:21.507Z","cveId":"CVE-2026-41100","cweIds":["CWE-284"],"cvssScore":"4.4","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","M365 Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"local","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T18:17:21.507Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}