PatchSiren cyber security CVE debrief
CVE-2026-45644 Microsoft CVE debrief
CVE-2026-45644 is a HIGH severity vulnerability in Microsoft Live Share Canvas SDK with a CVSS score of 8. The vulnerability is caused by improper neutralization of input during web page generation, allowing an authorized attacker to elevate privileges over a network. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-45644) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-45644).
- Vendor
- Microsoft
- Product
- Microsoft Live Share Canvas SDK
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users of Microsoft Live Share Canvas SDK should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK. This allows an authorized attacker to elevate privileges over a network.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or mitigations provided by Microsoft to prevent exploitation of this vulnerability.
- Review and update configurations to ensure proper neutralization of input during web page generation.
Evidence notes
The vendor of this product is likely Microsoft, as indicated by the evidence in the vendor section.
Official resources
-
CVE-2026-45644 CVE record
CVE.org
-
CVE-2026-45644 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-45644 was published on 2026-06-09T17:17:31.533Z and last modified on 2026-06-09T19:32:51.440Z.