Microsoft Sharepoint Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Sharepoint Server.
Recent Microsoft Sharepoint Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-47294 | CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability | June 10, 2026 |
| CVE-2026-47641 | CVE-2026-47641 Microsoft SharePoint Server Spoofing Vulnerability | June 9, 2026 |
| CVE-2026-47636 | CVE-2026-47636 Microsoft SharePoint Server Spoofing Vulnerability | June 9, 2026 |
| CVE-2026-45468 | CVE-2026-45468 Microsoft SharePoint Server Spoofing Vulnerability | June 9, 2026 |
| CVE-2026-47298 | CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability | June 9, 2026 |
| CVE-2026-45467 | CVE-2026-45467 Microsoft SharePoint Server Spoofing Vulnerability | June 9, 2026 |
| CVE-2026-47638 | CVE-2026-47638 Microsoft SharePoint Server Spoofing Vulnerability | June 9, 2026 |
| CVE-2026-47639 | CVE-2026-47639 Microsoft SharePoint Server Spoofing Vulnerability | June 9, 2026 |
| CVE-2026-45453 | CVE-2026-45453 Microsoft SharePoint Server Spoofing Vulnerability | June 9, 2026 |
| CVE-2026-45479 | CVE-2026-45479 Microsoft SharePoint Server Spoofing Vulnerability | June 9, 2026 |
By the Year
In 2026 there have been 52 vulnerabilities in Microsoft Sharepoint Server with an average score of 6.7 out of ten. Last year, in 2025 Sharepoint Server had 35 security vulnerabilities published. That is, 17 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 1.23
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 52 | 6.74 |
| 2025 | 35 | 7.97 |
| 2024 | 21 | 7.20 |
| 2023 | 27 | 7.53 |
| 2022 | 29 | 7.76 |
| 2021 | 53 | 7.09 |
| 2020 | 121 | 6.63 |
| 2019 | 48 | 6.78 |
| 2018 | 56 | 5.95 |
It may take a day or so for new Sharepoint Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Sharepoint Server Security Vulnerabilities
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-48562
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-48560
5.4 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Marshaling, Unmarshaling
Jun 2026: Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2026-45484
8.8 - High
- June 09, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
Marshaling, Unmarshaling
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45481
7.3 - High
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47640
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47634
7.3 - High
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Injection
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45465
5.4 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45464
5.4 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45462
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2026-45454
6.5 - Medium
- June 09, 2026
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Directory traversal
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-33113
5.4 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47641
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Improper Input Validation
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47639
5.4 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47638
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47637
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47636
5.4 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-47298
8 - High
- June 09, 2026
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
AuthZ
Jun 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45456
8.4 - High
- June 09, 2026
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Jun 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45458
8.4 - High
- June 09, 2026
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45453
5.4 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44824
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-44821
5.5 - Medium
- June 09, 2026
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds Read
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44819
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Microsoft Office Project Server Spoofing Vulnerability
CVE-2026-45483
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-45485
3.3 - Low
- June 09, 2026
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds Read
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45479
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45471
7.8 - High
- June 09, 2026
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45475
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45468
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45467
4.6 - Medium
- June 09, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jun 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-47294
8 - High
- June 01, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Shell injection
May 2026: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2026-45659
8.8 - High
- May 22, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40367
8.4 - High
- May 12, 2026
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40365
8.8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Insufficient Granularity of Access Control
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40357
8.8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-33110
8.8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-33112
8.8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40368
8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-35439
8.8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Apr 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-32201
6.5 - Medium
- April 14, 2026
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Improper Input Validation
Apr 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-20945
4.6 - Medium
- April 14, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Mar 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-26106
8.8 - High
- March 10, 2026
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper Input Validation
Mar 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-26113
8.4 - High
- March 10, 2026
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Mar 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-26105
8.1 - High
- March 10, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
XSS
Feb 2026: Microsoft Outlook Spoofing Vulnerability
CVE-2026-21511
7.5 - High
- February 10, 2026
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
Marshaling, Unmarshaling
Feb 2026: Microsoft Outlook Spoofing Vulnerability
CVE-2026-21260
7.5 - High
- February 10, 2026
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
Information Disclosure
Jan 2026: Microsoft SharePoint Information Disclosure Vulnerability
CVE-2026-20958
5.4 - Medium
- January 13, 2026
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
SSRF
Jan 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-20947
8.8 - High
- January 13, 2026
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
SQL Injection
Jan 2026: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2026-20963
9.8 - Critical
- January 13, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
Marshaling, Unmarshaling
Jan 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-20959
4.6 - Medium
- January 13, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Sharepoint Server or by Microsoft? Click the Watch button to subscribe.
