cve-2026-45464

CVE-2026-45464 is an Important-rated spoofing vulnerability in Microsoft SharePoint Server caused by cross-site scripting (XSS). Microsoft disclosed the flaw on June 9, 2026, and released security updates for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. The vulnerability is not a zero-day, and Microsoft's exploitability assessment indicates exploitation is less likely. However, the issue highlights a recurring enterprise weakness: trusted portals become dangerous when they can be manipulated to display unintended content. Administrators should apply the June 2026 updates to mitigate the risk of spoofing attacks via XSS.