Skip to main content

Microsoft SharePoint CVE-2026-58277

| EUVDEUVD-2026-44282 HIGH
Improper Authorization (CWE-285)
2026-07-14 microsoft GHSA-qhm9-9gfp-672c
8.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
vuln.today AI
8.8 HIGH

Network-reachable authorization bypass usable by any authenticated low-privileged user (PR:L, AV:N, AC:L) with no interaction, granting high confidentiality, integrity, and availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 18:53 vuln.today
CVE Published
Jul 14, 2026 - 17:09 nvd
HIGH 8.8

DescriptionCVE.org

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

AnalysisAI

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated network attacker to abuse an improper authorization check to gain higher privileges within the SharePoint environment. The flaw is tagged as an authentication bypass and carries a CVSS 8.8, reflecting high impact to confidentiality, integrity, and availability from a low-privileged starting point. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privileged SharePoint account
Delivery
Send crafted request to vulnerable endpoint
Exploit
Bypass improper authorization check
Execution
Elevate to higher privileges in farm
Impact
Access or modify restricted content

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already hold valid authenticated access to the on-premises SharePoint site (CVSS PR:L), so this is not a pre-authentication attack; a low-privileged SharePoint account such as a standard site user is the concrete prerequisite. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) describes a network-reachable, low-complexity attack requiring only low privileges and no user interaction, yielding high impact across all three security properties - a genuinely high-priority profile for any organization running on-prem SharePoint. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or been granted a low-privileged SharePoint account (for example a standard site member, or a compromised employee credential) sends crafted requests to the SharePoint web application that invoke a function whose authorization check is flawed. Because the check fails to enforce the required privilege level, the attacker performs actions reserved for administrators or higher-tier users, escalating their effective privileges within the farm. …
Remediation Patch available per vendor advisory - apply the Microsoft security update for CVE-2026-58277 to all SharePoint Enterprise Server 2016 and SharePoint Server 2019 farm servers, following the guidance at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58277 and confirming the exact fixed build for your product from that page. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Microsoft SharePoint Server 2016 and 2019 deployments in your environment and assess privilege levels of users with access to critical document libraries and sites. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-58644 CRITICAL POC
9.8 Jul 14

Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) all

CVE-2026-56164 CRITICAL POC
9.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-45659 HIGH POC
8.8 May 22

Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Editi

CVE-2026-50522 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated atta

CVE-2026-55040 CRITICAL
9.1 Jul 14

Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) l

CVE-2026-55052 HIGH
8.8 Jul 14

Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-55034 HIGH
8.7 Jul 14

Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacke

CVE-2026-55021 HIGH
8.7 Jul 14

Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription

CVE-2026-55033 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer

CVE-2026-55038 HIGH
7.8 Jul 14

Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas

CVE-2026-55132 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M

CVE-2026-55127 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized

Share

CVE-2026-58277 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy