Skip to main content

Microsoft SharePoint CVE-2026-55126

| EUVDEUVD-2026-44207 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-14 microsoft GHSA-rmf4-c853-35q8
5.4
CVSS 3.1 · NVD
Share

Severity by source

Vendor (microsoft) PRIMARY
HIGH
qualitative
NVD
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ENISA EUVD
HIGH
qualitative
vuln.today AI
4.6 MEDIUM

Network XSS needing an authenticated account (PR:L) and victim interaction (UI:R); stored XSS in same origin keeps S:U, and realistic session-scoped impact is Low rather than High.

3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Severity Changed
Jul 16, 2026 - 14:37 NVD
HIGH MEDIUM
CVSS changed
Jul 16, 2026 - 14:37 NVD
7.3 (HIGH) 5.4 (MEDIUM)
Analysis Generated
Jul 14, 2026 - 19:19 vuln.today
CVE Published
Jul 14, 2026 - 17:08 nvd
HIGH 7.3

DescriptionNVD

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

AnalysisAI

Stored/reflected cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an authenticated attacker inject script that executes in another user's browser session to spoof content over the network. Although Microsoft classifies the impact as 'spoofing,' the CVSS 3.1 vector rates confidentiality and integrity as High (C:H/I:H), indicating the injected script can access or alter sensitive session data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege SharePoint account
Delivery
Inject script into unencoded content field
Exploit
Victim opens affected page
Execution
Payload executes in victim session
Impact
Spoof content or hijack session actions

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold a valid low-privilege SharePoint account (PR:L) with permission to submit content into a vulnerable field, and it requires a victim user to interact by viewing the crafted page (UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 7.3 (High) with vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N - network reachable, low complexity, but requiring low-privilege authentication (PR:L) and victim interaction (UI:R). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privilege SharePoint account stores a malicious script payload in a field that is rendered without proper encoding (for example a list item, document title, or web part). When a higher-privileged colleague opens that page, the script executes in their authenticated session, allowing the attacker to read page data or perform spoofed actions as that user. …
Remediation Patch available per vendor advisory - apply the Microsoft security update for CVE-2026-55126 to all affected SharePoint Enterprise Server 2016, Server 2019, and Subscription Edition farms via the Microsoft Update Guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55126 (exact fix build numbers are published there; confirm them before deployment). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all SharePoint deployments to identify systems running Enterprise Server 2016, 2019, or Subscription Edition, and classify by business criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-58644 CRITICAL POC
9.8 Jul 14

Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) all

CVE-2026-56164 CRITICAL POC
9.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-45659 HIGH POC
8.8 May 22

Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Editi

CVE-2026-50522 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated atta

CVE-2026-55040 CRITICAL
9.1 Jul 14

Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) l

CVE-2026-58277 HIGH
8.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated netw

CVE-2026-55052 HIGH
8.8 Jul 14

Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-55034 HIGH
8.7 Jul 14

Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacke

CVE-2026-55021 HIGH
8.7 Jul 14

Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription

CVE-2026-55033 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer

CVE-2026-55038 HIGH
7.8 Jul 14

Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas

CVE-2026-55132 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M

Share

CVE-2026-55126 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy