HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-45481Published Modified CNA microsoft

CVE-2026-45481: Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Metrics

CVSS v3.1
7.3
Severity
HIGH
Fixed in
16.0.5556.1005
Affected Products
3

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A cross-site scripting (XSS) vulnerability exists in Microsoft SharePoint Server that allows an authenticated attacker to inject malicious scripts into web pages served to other users, a technique known as spoofing. The vulnerability is reachable over the network, requires a low-privilege account, and also requires a victim to interact with attacker-controlled content. Successful exploitation gives the attacker read access to sensitive data and the ability to modify content within the victim's browser session. Patched-image rebuilds at versions 16.0.5556.1005, 16.0.10417.20153, and 16.0.19725.20384 are available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection for CVE-2026-45481 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication from upstream advisory feeds. Coverage extends to custom-built images that package SharePoint components, ensuring no internal variant is missed during pipeline scans.

Available
Triage

HarborGuard is capable of scoring this CVE at 7.3 HIGH (CVSS v3.1) and weighting it against each customer environment's compliance policy before routing findings to the appropriate team inbox. Per-environment policy configuration allows teams to prioritize this issue relative to other open findings without manual re-scoring.

Available
Patch

A patched-image rebuild targeting the fixed versions (16.0.5556.1005, 16.0.10417.20153, or 16.0.19725.20384 depending on the affected edition) becomes available in HarborGuard as soon as upstream packages are published. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the SharePoint service over the network to deliver the malicious payload.

  • AuthenticationRequired

    A low-privilege SharePoint account is sufficient; no admin rights are needed, but unauthenticated access alone is not enough.

  • Victim interactionRequired

    A victim must interact with attacker-controlled content, such as opening a crafted SharePoint page or link, for the injected script to execute.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions or specific environmental configurations.

Blast Radius

  • Reads session tokens, cookies, and page content within the victim's authenticated SharePoint context.
  • Modifies or injects visible page content in the victim's browser, enabling credential-harvesting or phishing within the trusted SharePoint origin.
  • Does not directly crash or degrade the SharePoint service; availability is unaffected by this exploit path.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-45481 fires within minutes of ingesting the advisory, matching all three affected SharePoint editions against images in customer registries and CI pipelines. Where compliance policy permits, patched-image rebuilds at the corrected version for each edition become available automatically, and customers with auto-remediation enabled receive a rebuilt image, a regression-test run, and a PR opened against affected workloads. For environments with auto-remediation enabled, median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes. Until a rebuild is deployed, compensating controls worth considering include network-policy rules that restrict which internal users can reach the SharePoint service, egress filtering to limit cross-origin data exfiltration, and review of SharePoint's built-in HTML sanitization settings to reduce XSS surface.

See how HarborGuard automates this

Fix available

16.0.5556.100516.0.10417.2015316.0.19725.20384
Patch commits
Affected packages
  • Microsoft / Microsoft SharePoint Enterprise Server 2016
    < 16.0.5556.1005 (from 16.0.0)
  • Microsoft / Microsoft SharePoint Server 2019
    < 16.0.10417.20153 (from 16.0.0)
  • Microsoft / Microsoft SharePoint Server Subscription Edition
    < 16.0.19725.20384 (from 16.0.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
References