CVE-2026-47634
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk43th percentile - higher than 43% of all known CVEs
Summary
A vulnerability in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. The issue is due to improper neutralization of special elements in output used by a downstream component.
Risk Assessment
An attacker can impersonate a trusted user or system, potentially leading to data theft, fraud, or loss of trust within the organization.
Recommendation
Apply the security update provided by Microsoft for Microsoft Office SharePoint immediately. Test the patch in a non-production environment before deployment.
Original NVD description (English source)
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

