cve-2026-48562

CVE-2026-48562 is a Microsoft SharePoint Server spoofing vulnerability disclosed on June 10, 2026. It stems from improper input neutralization during web page generation, allowing an authorized attacker to perform spoofing over a network against on-premises SharePoint installations. While rated medium severity, the vulnerability carries significant enterprise risk because SharePoint is deeply integrated with identity, documents, workflows, and legacy intranet trust. On-premises defenders should prioritize patching this flaw to prevent spoofing attacks that could compromise collaboration and authentication integrity. The tag covers disclosure details, attack vector, and patch priority guidance for IT administrators managing SharePoint Server environments.