{"data":{"id":"e3165214-6bf1-4844-889b-640404eea176","title":"CVE-2026-41614: Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.","summary":"CVE-2026-41614 is a vulnerability in Microsoft 365 Copilot for Desktop caused by improper access control (a weakness where the software fails to properly restrict who can do what), allowing an unauthorized attacker to perform spoofing (making something appear to come from someone else) on a local computer. The vulnerability has a CVSS 4.0 severity rating, though a full assessment from NIST has not yet been provided.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41614","publishedAt":"2026-05-12T18:17:23.363Z","cveId":"CVE-2026-41614","cweIds":["CWE-284"],"cvssScore":"6.2","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","M365 Copilot for Desktop"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T18:17:23.363Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}