PatchSiren cyber security CVE debrief
CVE-2026-48560 Microsoft CVE debrief
CVE-2026-48560 is a MEDIUM-severity vulnerability (CVSS Score: 5.4) affecting Microsoft Office SharePoint. The vulnerability involves improper neutralization of input during web page generation, allowing an authorized attacker to perform spoofing over a network. The vulnerability was published on 2026-06-09T17:17:44.633Z and last modified on 2026-06-12T15:41:27.713Z.
- Vendor
- Microsoft
- Product
- Microsoft SharePoint Enterprise Server 2016
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of Microsoft Office SharePoint Server, particularly those with authorization to access vulnerable versions, should be aware of this vulnerability.
Technical summary
The vulnerability exists in Microsoft Office SharePoint Server due to improper neutralization of input during web page generation, allowing for cross-site scripting (XSS) attacks. An authorized attacker can exploit this vulnerability to perform spoofing over a network.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by Microsoft to vulnerable SharePoint Server versions.
- Restrict access to vulnerable SharePoint Server instances.
- Monitor SharePoint Server logs for suspicious activity.
Evidence notes
The CVE record and details were obtained from the official CVE.org and NVD databases.
Official resources
-
CVE-2026-48560 CVE record
CVE.org
-
CVE-2026-48560 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-48560 was published on 2026-06-09T17:17:44.633Z and last modified on 2026-06-12T15:41:27.713Z.