PatchSiren cyber security CVE debrief
CVE-2026-45454 Microsoft CVE debrief
CVE-2026-45454 is a path traversal vulnerability in Microsoft Office SharePoint. An authorized attacker can exploit this vulnerability to execute code over a network. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM.
- Vendor
- Microsoft
- Product
- Microsoft SharePoint Enterprise Server 2016
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Administrators and users of Microsoft Office SharePoint should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint. This allows an authorized attacker to execute code over a network.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patch from Microsoft as soon as possible.
- Refer to the vendor advisory for more information: [ref-4](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45454).
Evidence notes
The vulnerability is analyzed and has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Official resources
-
CVE-2026-45454 CVE record
CVE.org
-
CVE-2026-45454 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-45454 was published on 2026-06-09T17:17:19.527Z and modified on 2026-06-10T20:31:21.697Z.