A remote attacker can exploit this information disclosure vulnerability (CVE-2026-26133) in multiple Microsoft mobile and Mac applications to access and manipulate sensitive data on a targeted system. The affected products include Office apps (Excel, Word, PowerPoint, Outlook, OneNote), Teams, Loop, Copilot, Power BI, and Edge on iOS and Android platforms, as well as Outlook for Mac. Microsoft has published mitigation guidance, and administrators should immediately apply fixes from the vendor's update guide at the provided MSRC link.
A vulnerability was identified in Microsoft products. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure and data manipulation on the targeted system. Impact Information Disclosure Data Manipulation System / Technologies affected Microsoft Office: Excel (iOS, Android) Word (iOS, Android) PowerPoint (iOS, Android) Outlook (iOS, Android, Mac) OneNote (iOS, Android) Teams (iOS, Android) Loop (iOS) Microsoft 365 Apps: Copilot (iOS, Android) Microsoft Power BI: Power BI (iOS, Android) Microsoft Edge Browser: Edge (iOS, Android) Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply fixes or mitigations issued by the vendor: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133