cbcvebase.
CVE-2026-45454
published 2026-06-09

CVE-2026-45454: Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code…

PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.63%
73.2th percentile
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Affected

6 ranges
VendorProductVersion rangeFixed in
microsoftmicrosoft_sharepoint_enterprise_server_2016>= 16.0.0 < 16.0.5556.100516.0.5556.1005
microsoftmicrosoft_sharepoint_server_2019>= 16.0.0 < 16.0.10417.2015316.0.10417.20153
microsoftmicrosoft_sharepoint_server_subscription_edition>= 16.0.0 < 16.0.19725.2038416.0.19725.20384
microsoftsharepoint_server< 16.0.19725.2038416.0.19725.20384
microsoftsharepoint_server
microsoftsharepoint_server
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.