Skip to main content

Microsoft SharePoint CVE-2026-62826

| EUVDEUVD-2026-45063 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-16 microsoft GHSA-xpgg-r72x-rgc7
4.6
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
4.6 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
vuln.today AI
4.6 MEDIUM

PR:L because a valid SharePoint account is required; UI:R because victim must render injected content; S:U and C:L/I:L as impact is application-scoped with no availability effect.

3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 22:31 vuln.today
CVE Published
Jul 16, 2026 - 22:02 nvd
MEDIUM 4.6

DescriptionCVE.org

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

AnalysisAI

Stored or reflected cross-site scripting in Microsoft SharePoint Server allows an authenticated low-privileged attacker to inject malicious script content that executes in a victim's browser, enabling spoofing attacks over a network. Affected deployments span SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege SharePoint account
Delivery
Inject malicious script into SharePoint content field
Exploit
Craft or share link to poisoned page
Execution
Victim navigates to page
Persist
Script executes in victim's browser
Impact
Perform spoofing or session token exfiltration

Vulnerability AssessmentAI

Exploitation Requires an authenticated attacker holding at minimum a low-privilege SharePoint account (CVSS PR:L) - unauthenticated exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.6 Medium score is consistent with the actual threat model here: PR:L mandates an existing authenticated SharePoint account, and UI:R requires a victim to actively visit or render the malicious content - both factors meaningfully reduce opportunistic exploitation compared to unauthenticated or interaction-free XSS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privilege SharePoint account (e.g., a standard organizational user or a compromised account) injects malicious JavaScript into a SharePoint list field, page description, or web part that accepts user-controlled HTML input. When a higher-privileged user or administrator navigates to that page, the injected script executes in their browser session, allowing the attacker to perform spoofing actions - such as rendering a fake login prompt, exfiltrating the victim's SharePoint session token, or silently modifying visible page content - without any elevated SharePoint permissions of their own.
Remediation Patch available per vendor advisory - apply the Microsoft-released security update for the relevant SharePoint server version (2016, 2019, or Subscription Edition) via the Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-62826. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-58644 CRITICAL POC
9.8 Jul 14

Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) all

CVE-2026-56164 CRITICAL POC
9.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-45659 HIGH POC
8.8 May 22

Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Editi

CVE-2026-50522 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated atta

CVE-2026-55040 CRITICAL
9.1 Jul 14

Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) l

CVE-2026-58277 HIGH
8.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated netw

CVE-2026-55052 HIGH
8.8 Jul 14

Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-55034 HIGH
8.7 Jul 14

Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacke

CVE-2026-55021 HIGH
8.7 Jul 14

Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription

CVE-2026-55033 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer

CVE-2026-55038 HIGH
7.8 Jul 14

Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas

CVE-2026-55132 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M

Share

CVE-2026-62826 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy