Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
Microsoft Office SharePoint Cross-Site Scripting Attack Risk
CVE-2026-26105
Summary
Attackers can inject malicious code into SharePoint pages, tricking users into revealing sensitive information or taking unauthorized actions. This can happen when a user clicks on a malicious link or visits a compromised website. SharePoint administrators should ensure they have the latest updates and security patches installed to prevent this type of attack.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| microsoft | sharepoint_server | <= 16.0.19725.20076 | – |
| microsoft | sharepoint_server | 2016 | – |
| microsoft | sharepoint_server | 2019 | – |
Original title
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Original description
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
nvd CVSS3.1
8.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026