CVE-2026-48562— Microsoft SharePoint Server Spoofing Vulnerability
Affected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | 16.0.0< 16.0.5556.1005 | affected |
| Microsoft | Microsoft SharePoint Server 2019 | 16.0.0< 16.0.10417.20153 | affected |
| Microsoft | Microsoft SharePoint Server Subscription Edition | 16.0.0< 16.0.19725.20384 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48562
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Microsoft SharePoint Server Spoofing Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Office SharePoint 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Office SharePoint是美国微软(Microsoft)公司的一个企业内容协作与文档管理平台。 Microsoft Office SharePoint存在跨站脚本漏洞。攻击者利用该漏洞执行跨站脚本攻击。以下产品和版本受到影响:Microsoft SharePoint Enterprise Server 2016,Microsoft SharePoint Server 2019,Microsoft SharePoint Server Subscription Edition。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | 16.0.0 ~ 16.0.5556.1005 | - | |
| Microsoft | Microsoft SharePoint Server 2019 | 16.0.0 ~ 16.0.10417.20153 | - | |
| Microsoft | Microsoft SharePoint Server Subscription Edition | 16.0.0 ~ 16.0.19725.20384 | - |
II. Public POCs for CVE-2026-48562
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-48562
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-48562 (1)
Same Patch Batch · Microsoft · 2026-06-09 · 200 CVEs total
| CVE-2026-26142 | 9.8 CRITICAL | Nuance PowerScribe Remote Code Execution Vulnerability |
| CVE-2026-45657 | 9.8 CRITICAL | Windows Kernel Remote Code Execution Vulnerability |
| CVE-2026-47291 | 9.8 CRITICAL | HTTP.sys Remote Code Execution Vulnerability |
| CVE-2026-47643 | 9.8 CRITICAL | Azure Stack Edge Remote Code Execution Vulnerability |
| CVE-2026-44815 | 9.8 CRITICAL | DHCP Client Service Remote Code Execution Vulnerability |
| CVE-2026-47281 | 9.6 CRITICAL | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2026-42904 | 9.6 CRITICAL | Windows TCP/IP Elevation of Privilege Vulnerability |
| CVE-2026-45602 | 9.1 CRITICAL | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability |
| CVE-2026-40371 | 8.8 HIGH | Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability |
| CVE-2026-45504 | 8.8 HIGH | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2026-45648 | 8.8 HIGH | Windows Active Directory Domain Services Remote Code Execution Vulnerability |
| CVE-2026-47289 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-32193 | 8.8 HIGH | Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability |
| CVE-2026-45484 | 8.8 HIGH | Microsoft SharePoint Elevation of Privilege Vulnerability |
| CVE-2026-42985 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-47653 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-45474 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45607 | 8.4 HIGH | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2026-41098 | 8.4 HIGH | Azure Stack Edge Spoofing Vulnerability |
| CVE-2026-47635 | 8.4 HIGH | Microsoft Outlook and Word Remote Code Execution Vulnerability |
Showing top 20 of 200 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Microsoft SharePoint Enterprise Server 2016
- CVE-2026-48560
Microsoft SharePoint Server Spoofing Vulnerability - CVE-2026-45484
Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2026-45481
Microsoft SharePoint Server Spoofing Vulnerability - CVE-2026-47640
Microsoft SharePoint Server Spoofing Vulnerability - CVE-2026-45465
Microsoft SharePoint Server Spoofing Vulnerability
Same vendor: Microsoft
- CVE-2026-47645
Microsoft 365 Copilot's Business Chat Elevation of Privilege - CVE-2026-48582
Microsoft Exchange Online Elevation of Privilege Vulnerabili - CVE-2026-50519
Microsoft Visual Studio Code CoPilot Chat Security Feature B - CVE-2026-48584
Microsoft Azure Synapse Elevation of Privilege Vulnerability - CVE-2026-42895
Microsoft Copilot Tampering Vulnerability
Same weakness: CWE-79
- CVE-2026-32208
Microsoft Edge (Chromium-based) Spoofing Vulnerability - CVE-2026-12621
Cross-Site Scripting (XSS) Vulnerability in Password Reset R - CVE-2026-12619
GridTime™ 3000 GNSS Time Server CSRF to XSS - CVE-2026-12430
Blocksy Companion <= 2.1.45 - Authenticated (Editor+) Stored - CVE-2026-12157
BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cr
V. Comments for CVE-2026-48562
No comments yet