CVE-2026-45484: Microsoft SharePoint Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
Metrics
- CVSS v3.1: 8.8
- Severity: HIGH
- Fixed in: 16.0.5556.1005
- Affected Products: 3
HarborGuard Analysis
Synopsis
This is a deserialization of untrusted data vulnerability in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition). An authenticated attacker with a low-privilege account can reach the vulnerable endpoint over the network without any additional conditions or victim interaction. Successful exploitation grants the attacker elevated privileges, with full read, write, and availability impact on the affected SharePoint instance. Patched-image rebuilds at versions 16.0.5556.1005, 16.0.10417.20153, and 16.0.19725.20384 are available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection for CVE-2026-45484 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle SharePoint components.
Available
HarborGuard surfaces this vulnerability with its CVSS v3.1 score of 8.8 (HIGH), weighted against each customer organization's compliance policy, and routes findings to the appropriate team inbox within the customer org for prioritization.
Available
Patched-image rebuilds at the fix versions (16.0.5556.1005 for SharePoint Enterprise Server 2016, 16.0.10417.20153 for SharePoint Server 2019, and 16.0.19725.20384 for the Subscription Edition) are available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.
Available
Exploit Conditions
- Network reachability: Required
  The attacker must reach the SharePoint service over the network; there is no local-only or adjacent-network restriction.
- Authentication: Required
  Any low-privilege SharePoint account is sufficient; no administrative credentials are needed.
- Victim interaction: Not required
  No victim action such as clicking a link or opening a file is needed to trigger exploitation.
- Attack complexity: Detail
  Exploitation is reliable and condition-free; no race conditions, memory layout dependencies, or special environmental factors are required.
Blast Radius
- Attacker reads confidential SharePoint content, stored credentials, and site configuration data.
- Attacker modifies or deletes SharePoint documents, list items, and site settings.
- Attacker disrupts availability of the SharePoint service, causing it to become unresponsive to legitimate users.
- With elevated privileges, attacker can pivot to further administrative actions within the SharePoint farm.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-45484 is matched against customer images within minutes of publication, covering all three affected SharePoint product lines. For customers who opt into auto-remediation, HarborGuard rebuilds affected images at the appropriate fix version, runs a regression test, and opens a PR against affected workloads; for HIGH-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy permits automated changes, no manual triage step is required before the PR is raised. For environments where auto-remediation is not enabled, the finding is routed to the designated team inbox with CVSS score, affected image list, and recommended fix versions so engineers can act immediately.
Fix available
- Microsoft / Microsoft SharePoint Enterprise Server 2016: < 16.0.5556.1005 (from 16.0.0)
- Microsoft / Microsoft SharePoint Server 2019: < 16.0.10417.20153 (from 16.0.0)
- Microsoft / Microsoft SharePoint Server Subscription Edition: < 16.0.19725.20384 (from 16.0.0)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C