Critical Security Vulnerability Discovered in Microsoft Apps for Android

Security researchers from Enclave have discovered a serious security vulnerability in several Microsoft 365 apps for Android. This flaw affects Microsoft Word, Excel, PowerPoint, OneNote, Microsoft 365 Copilot, and Microsoft Loop, among others. The discovery poses a significant risk to billions of users, as attackers can access personal data unnoticed. The vulnerability allows any other app installed on the same Android device to unauthorizedly access a Microsoft 365 account token. This means that an attacker who places their own app on the user's device can act as the logged-in account.

This could lead to sensitive information such as contacts, chat histories, emails, and documents falling into the wrong hands. The security researchers from Enclave explained that the vulnerability is based on a feature intended to facilitate logins to the Microsoft apps. A flag named setIsDebugMode in the apps allowed access to the account token created during login. However, a flaw in this implementation permitted all installed apps to access the token, significantly worsening the security situation. A potential attacker could exploit this gap to conduct phishing attempts or take over accounts.

The security researchers pointed out that the impact of this vulnerability could be severe for both individuals and businesses, especially when users are logged in with a work account. Microsoft has responded to the discovery and provided corresponding security updates. These fixes were released on May 12, 2026, as part of the latest Patch Day. Users are strongly urged to update their affected applications immediately to protect themselves from potential attacks.

To ensure that the latest security updates are installed, users should check the versions of Word, PowerPoint, Excel, Microsoft 365 Copilot, OneNote, and Microsoft Loop on their Android devices. If the latest versions are not installed, the apps must be updated via the Google Play Store. Alternatively, users can also contact their organization for assistance. The vulnerability has drawn the attention of IT security experts, who emphasize the importance of regular updates and security checks. The discovery of this vulnerability highlights the necessity of following security practices, especially at a time when cyberattacks are becoming increasingly frequent.

The vulnerability has been registered under the CVE number CVE-2026-1234. According to Enclave, this flaw could potentially affect millions of users worldwide, underscoring the urgency of the update. Microsoft has announced that further information regarding the security updates will be provided in the coming weeks. The discovery of this security vulnerability may also impact the development of future security protocols at Microsoft. Experts expect the company to rethink its security architecture to avoid similar issues in the future. The security researchers from Enclave have already published their recommendations for improving security practices.