CVE-2026-45467 Microsoft CVE debrief

Who should care

Administrators and users of Microsoft Office SharePoint Server, particularly those with versions 2016, 2019, and Subscription, should be aware of this vulnerability. The affected versions include [cpeCriteria](https://services.nvd.nist.gov/rest/json/cves/2.0?lastModStartDate=2026-06-09T12%3A30%3A41.000Z&lastModEndDate=2026-06-13T12%3A15%3A54.000Z).

Technical summary

The vulnerability is caused by improper neutralization of input during web page generation, allowing an authorized attacker to inject malicious scripts. The CVSS vector for this vulnerability is [cvssVector](https://nvd.nist.gov/vuln/detail/CVE-2026-45467), indicating a Network attack vector with Low complexity and privileges.

Defensive priority

MEDIUM

Recommended defensive actions

• Apply patches or updates provided by Microsoft to vulnerable SharePoint Server versions.
• Implement proper input validation and sanitization for user-generated content.
• Restrict access to sensitive areas of the SharePoint site for users with lower privileges.

Evidence notes

The CVE record [cve-org] and NVD detail [nvd] provide additional information on this vulnerability, including references to vendor advisories [ref-4].

Official resources