Skip to main content

Microsoft SharePoint CVE-2026-55034

| EUVDEUVD-2026-44175 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-07-14 microsoft GHSA-r9f8-rwrc-5664
8.7
CVSS 3.1 · NVD
Temporal: 6.4
Share

Severity by source

Vendor (microsoft) PRIMARY
HIGH
qualitative
NVD
8.7 HIGH
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
6.4 MEDIUM
cvss
vuln.today AI
7.6 HIGH

Authenticated contributor (PR:L) and victim interaction (UI:R) are required; stored XSS crosses trust scope (S:C) and steals/impersonates session data (C:H), with limited integrity and no availability impact.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

5
Analysis Updated
Jul 15, 2026 - 15:34 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 15, 2026 - 15:22 vuln.today
cvss_changed
CVSS changed
Jul 15, 2026 - 15:22 NVD
7.3 (HIGH) 8.7 (HIGH)
Analysis Generated
Jul 14, 2026 - 19:29 vuln.today
CVE Published
Jul 14, 2026 - 17:08 nvd
HIGH 7.3

DescriptionNVD

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

AnalysisAI

Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacker to inject script that executes in another user's browser session, enabling spoofing across a network. The scope-changed CVSS 3.1 rating of 8.7 (vector AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N) reflects the ability to break out of the vulnerable component's security context and impact victim data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged SharePoint user
Delivery
Inject XSS payload into shared content
Exploit
Victim opens crafted page
Execution
Script runs in victim's session
Impact
Spoof victim and access data

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already hold a low-privileged but authenticated SharePoint account (PR:L) with the ability to submit content that is rendered to other users, and it requires a victim to view that attacker-controlled content (UI:R) - so a stored/reflected XSS pathway into a shared page, list, or web part is the concrete prerequisite. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are largely aligned toward a real but conditional risk rather than an emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a normal SharePoint contributor account stores a malicious script payload in a page, list item, or web-part field on a site that other users routinely visit. When a higher-privileged colleague opens that content, the script executes in their authenticated SharePoint session, letting the attacker impersonate (spoof) them and act on their data. …
Remediation Vendor-released patch: apply the Microsoft security updates that raise builds to at least 16.0.10417.20175 (SharePoint Server 2019), 16.0.19725.20434 (SharePoint Server Subscription Edition), or 16.0.5561.1001 (SharePoint Enterprise Server 2016), following the guidance at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55034. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all on-premises Microsoft SharePoint Server deployments and document their current versions against the affected scope. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-56164 CRITICAL POC
9.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-45659 HIGH POC
8.8 May 22

Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Editi

CVE-2026-58644 CRITICAL POC
9.8 Jul 14

Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) all

CVE-2026-50522 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated atta

CVE-2026-55040 CRITICAL
9.1 Jul 14

Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) l

CVE-2026-58277 HIGH
8.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated netw

CVE-2026-55052 HIGH
8.8 Jul 14

Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-55021 HIGH
8.7 Jul 14

Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription

CVE-2026-55033 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer

CVE-2026-55038 HIGH
7.8 Jul 14

Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas

CVE-2026-55132 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M

CVE-2026-55127 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized

Share

CVE-2026-55034 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy