Skip to main content

Microsoft SharePoint CVE-2026-55020

| EUVDEUVD-2026-44165 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-14 microsoft GHSA-vgmh-pfx7-6657
5.4
CVSS 3.1 · NVD
Temporal: 4.0
Share

Severity by source

Vendor (microsoft) PRIMARY
MEDIUM
qualitative
NVD
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
4.0 MEDIUM
cvss
vuln.today AI
4.6 MEDIUM

Network-accessible XSS requiring authenticated low-privilege contributor access and victim page interaction; scope unchanged and no availability impact per spoofing-only characterization.

3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
CVSS changed
Jul 15, 2026 - 15:22 NVD
4.6 (MEDIUM) 5.4 (MEDIUM)
Analysis Generated
Jul 14, 2026 - 22:00 vuln.today
CVE Published
Jul 14, 2026 - 17:08 nvd
MEDIUM 4.6

DescriptionNVD

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

AnalysisAI

Cross-site scripting in Microsoft SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition enables an authenticated attacker with low-privilege network access to inject malicious scripts into SharePoint pages, resulting in spoofing impacts when a victim user interacts with the crafted content. The CVSS vector (PR:L/UI:R) confirms exploitation requires both an existing authenticated account and victim interaction, constraining real-world risk relative to unauthenticated XSS variants. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege SharePoint account
Delivery
Inject XSS payload into SharePoint content field
Exploit
Victim navigates to malicious page
Execution
Script executes in victim's browser
Impact
Attacker achieves spoofing or session manipulation

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold a valid, authenticated SharePoint account with at least low-level contribution permissions (e.g., site member or equivalent) sufficient to submit or modify content that will be rendered to other users - this is the CVSS PR:L condition. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 4.6 (Medium) is calibrated primarily by the PR:L and UI:R constraints, which materially reduce exploitability relative to unauthenticated or no-interaction XSS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated SharePoint user with low-privilege site member access crafts a malicious payload embedded in a SharePoint list field, page body, or web part that is not properly sanitized on output. When a higher-privileged user - such as a site owner or administrator - navigates to the affected page, the script executes in their browser within the SharePoint origin, potentially capturing their session cookie or performing SharePoint API actions under their identity to achieve spoofing. …
Remediation Patch available per vendor advisory - apply the Microsoft-released security update for the applicable SharePoint product line as documented at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55020. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-56164 CRITICAL POC
9.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-45659 HIGH POC
8.8 May 22

Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Editi

CVE-2026-58644 CRITICAL POC
9.8 Jul 14

Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) all

CVE-2026-50522 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated atta

CVE-2026-55040 CRITICAL
9.1 Jul 14

Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) l

CVE-2026-58277 HIGH
8.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated netw

CVE-2026-55052 HIGH
8.8 Jul 14

Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-55034 HIGH
8.7 Jul 14

Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacke

CVE-2026-55021 HIGH
8.7 Jul 14

Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription

CVE-2026-55033 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer

CVE-2026-55038 HIGH
7.8 Jul 14

Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas

CVE-2026-55132 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M

Share

CVE-2026-55020 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy