CVE Catalog

CVE-2026-45644

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile - higher than 33% of all known CVEs

Summary

The Microsoft Live Share Canvas SDK has improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. An authorized attacker can exploit this flaw to elevate their privileges over a network.

Risk Assessment

The organization may be exposed to attacks that allow unauthorized users to gain elevated privileges, potentially leading to serious security breaches.

Recommendation

It is recommended to update the Microsoft Live Share Canvas SDK to the latest version and implement additional security measures against XSS attacks.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS