Skip to main content

Microsoft SharePoint CVE-2026-45454

| EUVDEUVD-2026-35538 MEDIUM
Path Traversal (CWE-22)
2026-06-09 secure@microsoft.com GHSA-j6gx-wmw5-cqj8
6.5
CVSS 3.1 · NVD
Temporal: 5.7
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
5.7 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 19:49 vuln.today
Patch available
Jun 09, 2026 - 19:03 EUVD
CVE Published
Jun 09, 2026 - 17:17 nvd
MEDIUM 6.5

DescriptionNVD

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

AnalysisAI

Path traversal in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables an authenticated low-privileged attacker to execute code over a network by escaping the intended directory scope. Affected builds span all three actively maintained SharePoint Server product lines, with vendor-confirmed patches available for each. No public exploit code has been identified at time of analysis, and this CVE is not currently listed in the CISA KEV catalog; however, the low attack complexity (AC:L) and no user interaction requirement (UI:N) make it a credible target for exploitation once an attacker has any valid SharePoint credential.

Technical ContextAI

CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) describes a class of vulnerability where user-controlled path segments - such as '../' sequences or absolute path references - are not adequately sanitized before being used to access filesystem or web resources. In SharePoint's case, the affected code path likely involves a server-side file operation (document library access, page rendering, or a REST/SOAP endpoint) that accepts a caller-supplied path and resolves it without sufficiently canonicalizing or bounding it within the SharePoint web root or content database directory. The CPE-implied scope covers Microsoft SharePoint Server 2016 (all 16.0.x builds prior to 16.0.5556.1005), SharePoint Server 2019 (all 16.0.x builds prior to 16.0.10417.20153), and SharePoint Server Subscription Edition (all 16.0.x builds prior to 16.0.19725.20384). All three product lines share the same major version branch (16.0), suggesting a common code ancestry and a coordinated patch across all three.

RemediationAI

The primary remediation is to apply the Microsoft-released patches for each affected product line. Upgrade Microsoft SharePoint Server 2019 to build 16.0.10417.20153 or later, Microsoft SharePoint Server Subscription Edition to build 16.0.19725.20384 or later, and Microsoft SharePoint Enterprise Server 2016 to build 16.0.5556.1005 or later. Patches are confirmed available per vendor (reported by secure@microsoft.com); full details are at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45454. If immediate patching is not feasible, compensating controls include restricting SharePoint access to known trusted user accounts and IP ranges at the perimeter or WAF layer to prevent low-privilege external users from reaching the vulnerable endpoint - note this does not protect against internal threat actors. Additionally, auditing SharePoint ULS logs for path traversal patterns (sequences containing '../', '%2e%2e', or absolute path references in request URLs) can help detect exploitation attempts. Disabling anonymous or externally federated authentication temporarily reduces the authenticated low-privilege attack surface but may impact business functionality.

Share

CVE-2026-45454 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy