MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams. "When users operate as guests in another tenant, their protections are determined entirely by that hosting...

EUVD-2025-34738

ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user...

CVE-2025-54461

ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user...

ChatLuck 安全漏洞

ChatLuck is an enterprise internal and external communication software from ChatLuck Japan. A security vulnerability exists in ChatLuck that stems from insufficient access control granularity when inviting guest users, which could result in uninvited guest users registering as guest users...

CVE-2022-1002

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations...

Mattermost 跨站脚本漏洞

A security vulnerability exists in Mattermost, an open source collaboration platform from Mattermost Inc. in the U.S. The vulnerability allows a registered user with special privileges to invite guest users to inject unescaped HTML content into an email invitation. No details of the vulnerability...