PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-33113 Microsoft CVE debrief

CVE-2026-33113 is a MEDIUM-severity vulnerability in Microsoft Office SharePoint, with a CVSS score of 5.4. The vulnerability allows an authorized attacker to perform spoofing over a network due to improper neutralization of input during web page generation, also known as cross-site scripting (XSS).

Vendor
Microsoft
Product
Microsoft SharePoint Enterprise Server 2016
CVSS
MEDIUM 5.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-11
Advisory published
2026-06-09
Advisory updated
2026-06-11

Who should care

Administrators and users of Microsoft Office SharePoint Server, particularly those with authorization to access the affected systems.

Technical summary

The vulnerability exists in Microsoft Office SharePoint Server, affecting multiple versions, including SharePoint Server 2016, SharePoint Server 2019, and SharePoint Server Subscription. The Common Vulnerabilities and Exposures (CVE) score is 5.4, indicating a MEDIUM severity level. The Common Vulnerability Scoring System (CVSS) vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N.

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply patches or updates provided by Microsoft to vulnerable SharePoint Server installations.
  • Ensure that all SharePoint Server instances are running with the latest security updates.
  • Restrict access to sensitive areas of SharePoint Server to only authorized personnel.
  • Monitor SharePoint Server logs for suspicious activity.

Evidence notes

The CVE-2026-33113 vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt]. The vulnerability is tracked in the National Vulnerability Database (NVD) and has a corresponding vendor advisory from Microsoft.

Official resources

CVE-2026-33113 was published on 2026-06-09T17:17:04.120Z and modified on 2026-06-11T19:03:42.363Z.