Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data

Microsoft disclosed CVE-2026-42835, an Important (CVSS 3.1 base score 8.1) information-disclosure vulnerability in Microsoft Teams for Android that could allow an authenticated remote attacker with low privileges to read portions of heap memory; Microsoft reports exploitation as "Less Likely," no active exploitation observed, exploit code maturity as Unproven, and has released a security update via Google Play—administrators and users are advised to update immediately.