2022 Microsoft Teams RCE
The deeplink handler for
/l/task/:appId
in Microsoft Teams can load an arbitrary URL in webview/iframe. An attacker can leverage this with teams RPC’s functionality to get code execution outside the sandbox. 2022 Microsoft Teams RCE