Sharepoint Server 2019 Microsoft Sharepoint Server 2019

  1. Vendors
  2. Microsoft
  3. Sharepoint Server 2019

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Sharepoint Server 2019.

By the Year

In 2026 there have been 54 vulnerabilities in Microsoft Sharepoint Server 2019 with an average score of 6.8 out of ten. Last year, in 2025 Sharepoint Server 2019 had 41 security vulnerabilities published. That is, 13 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 1.03




Year Vulnerabilities Average Score
2026 54 6.80
2025 41 7.83
2024 7 7.10
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 5 7.46
2019 6 0.00

It may take a day or so for new Sharepoint Server 2019 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Sharepoint Server 2019 Security Vulnerabilities

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-48560 5.4 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Marshaling, Unmarshaling

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-48562 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2026-45484 8.8 - High - June 09, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

Marshaling, Unmarshaling

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45481 7.3 - High - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47640 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47634 7.3 - High - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Injection

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45465 5.4 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45464 5.4 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45462 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2026-45454 6.5 - Medium - June 09, 2026

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Directory traversal

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-33113 5.4 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47639 5.4 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47641 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Improper Input Validation

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47638 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47636 5.4 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47637 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-47298 8 - High - June 09, 2026

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

AuthZ

Jun 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45456 8.4 - High - June 09, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Jun 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45458 8.4 - High - June 09, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45453 5.4 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44824 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-44821 5.5 - Medium - June 09, 2026

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44819 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jun 2026: Microsoft Office Project Server Spoofing Vulnerability
CVE-2026-45483 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-45485 3.3 - Low - June 09, 2026

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45479 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45471 7.8 - High - June 09, 2026

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45475 7.8 - High - June 09, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45468 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45467 4.6 - Medium - June 09, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Jun 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-47294 8 - High - June 01, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Shell injection

May 2026: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2026-45659 8.8 - High - May 22, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Marshaling, Unmarshaling

May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40365 8.8 - High - May 12, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Insufficient Granularity of Access Control

May 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40367 8.4 - High - May 12, 2026

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40357 8.8 - High - May 12, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Marshaling, Unmarshaling

May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-33110 8.8 - High - May 12, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Marshaling, Unmarshaling

May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-33112 8.8 - High - May 12, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Marshaling, Unmarshaling

May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40368 8 - High - May 12, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Marshaling, Unmarshaling

May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-35439 8.8 - High - May 12, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Marshaling, Unmarshaling

Apr 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-32201 6.5 - Medium - April 14, 2026

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Improper Input Validation

Apr 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-20945 4.6 - Medium - April 14, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

XSS

Mar 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-26106 8.8 - High - March 10, 2026

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Improper Input Validation

Mar 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-26114 8.8 - High - March 10, 2026

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Marshaling, Unmarshaling

Mar 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-26113 8.4 - High - March 10, 2026

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Mar 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-26105 8.1 - High - March 10, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

XSS

Feb 2026: Microsoft Outlook Spoofing Vulnerability
CVE-2026-21511 7.5 - High - February 10, 2026

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

Marshaling, Unmarshaling

Feb 2026: Microsoft Outlook Spoofing Vulnerability
CVE-2026-21260 7.5 - High - February 10, 2026

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

Information Disclosure

Jan 2026: Microsoft SharePoint Information Disclosure Vulnerability
CVE-2026-20958 5.4 - Medium - January 13, 2026

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

SSRF

Jan 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-20948 7.8 - High - January 13, 2026

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Jan 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-20947 8.8 - High - January 13, 2026

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

SQL Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Sharepoint Server 2019 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Sharepoint Server 2019
Product

subscribe