PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45479 Microsoft CVE debrief

CVE-2026-45479 is a MEDIUM-severity vulnerability (CVSS Score: 4.6) affecting Microsoft Office SharePoint. The vulnerability, published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-45479) (resourceLinkAnnotations: cve-org), allows an authorized attacker to perform spoofing over a network due to improper neutralization of input during web page generation, also known as cross-site scripting (XSS).

Vendor
Microsoft
Product
Sharepoint Server
CVSS
MEDIUM 4.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-10
Advisory published
2026-06-09
Advisory updated
2026-06-10

Who should care

Administrators and users of Microsoft Office SharePoint Server, particularly those with versions 2016, 2019, and Subscription, should be aware of this vulnerability.

Technical summary

The vulnerability exists in Microsoft Office SharePoint Server due to improper neutralization of input during web page generation. This allows an authorized attacker to perform spoofing over a network. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N.

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply patches or updates provided by Microsoft to vulnerable SharePoint Server versions.
  • Restrict access to SharePoint Server to only trusted users and networks.
  • Monitor SharePoint Server logs for suspicious activity.

Evidence notes

The CVE-2026-45479 vulnerability was published on 2026-06-09T17:17:22.263Z and modified on 2026-06-10T19:42:22.577Z. The vulnerability affects SharePoint Server versions, including 2016, 2019, and Subscription. Microsoft has provided a vendor advisory for this vulnerability (resourceLinkAnnotations: ref-4).

Official resources

CVE-2026-45479 was published on 2026-06-09T17:17:22.263Z and modified on 2026-06-10T19:42:22.577Z.