Microsoft Teams information disclosure (CVE-2026-33823)

Patch now - CVE-2026-33823 is a critical improper authorization vulnerability in Microsoft Teams that lets an authorized attacker disclose information over the network. Microsoft released a security update in the April 2026 Patch Tuesday cycle; update Teams clients immediately.

Overview

CVE-2026-33823 is a critical authorization bypass vulnerability affecting Microsoft Teams. The flaw, assigned a CVSS score of 9.6, stems from improper authorization controls that allow an already-authenticated attacker to access and disclose sensitive information across the network. The vulnerability is remotely exploitable with low attack complexity and requires no user interaction to trigger.

What the Attacker Gains

An attacker with low privileges on a network can exploit CVE-2026-33823 to extract information from Microsoft Teams that they should not have access to. This could include internal chat logs, shared files, meeting details, or other organizational data processed through the platform. The unauthorized disclosure of such information could lead to business intelligence leaks, credential exposure, or expanded attack surfaces for follow-on intrusions.

Affected Systems

All current Microsoft Teams client versions are affected. The vulnerability was addressed in the April 2026 security updates for Microsoft Teams. Organizations using Microsoft Teams from any deployment channel should prioritize applying the latest updates.

Remediation

Apply the Microsoft April 2026 security update for Microsoft Teams as soon as possible. For enterprise environments managed through Microsoft 365 admin centers, ensure update policies are configured to deliver the patch to all clients automatically. If automatic updates are blocked or delayed, manually update Teams clients via the in-app “Check for updates” option or redeploy the latest MSI package from the Microsoft 365 admin portal.

Mitigation

If immediate patching is not possible, restrict network access to Teams services and limit the number of users with authenticated access to the platform. Monitor for unusual activity in Teams data access logs. However, these are temporary measures - the only complete fix is the vendor patch.

Security Insight

CVE-2026-33823 highlights a persistent class of vulnerabilities: authorization failures in collaboration platforms that assume authenticated users have uniform trust levels. As enterprise communication tools like Microsoft Teams become repositories of highly sensitive data - from executive decisions to customer PII - the blast radius of authentication and authorization flaws expands dramatically. Vendors must move beyond basic authentication to enforce granular, context-aware authorization models that treat every data access request as potentially adversarial. Related threat activity, such as APT28’s DNS hijacking campaigns against Microsoft 365 environments, demonstrates that state-sponsored actors are actively targeting collaboration infrastructure, making this patch a critical priority for any organization using Teams. For broader context on current threats, see our Weekly Threat Roundup: APT28 DNS Hijacking (Apr 6-12 and coverage of Storm-1175 Exploits Zero-Days to Deploy Medusa.

Further Reading

• Weekly Threat Roundup: APT28 DNS Hijacking (Apr 6-12
• APT28 Hijacks SOHO Routers - Microsoft 365 Credentials
• Storm-1175 Exploits Zero-Days to Deploy Medusa
• All Critical Vulnerabilities
• Recent Critical Vulnerabilities
• Top Critical CVEs