CVE-2026-54108
Received Received - Intake

External Control of File Name in Microsoft Office SharePoint

Vulnerability report for CVE-2026-54108, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft office_sharepoint *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-54108 is a vulnerability in Microsoft Office SharePoint where there is external control of a file name or path. This means an attacker with authorized access can manipulate file names or paths in a way that allows them to perform spoofing attacks over a network.

Spoofing in this context refers to the attacker's ability to deceive users or systems into believing that a file or resource originates from a trusted source when it does not. This could lead to unauthorized actions or access under false pretenses.

Impact Analysis

The impact of this vulnerability depends on your use of Microsoft Office SharePoint and the level of access an attacker may have. Here are potential impacts:

  • An attacker with authorized access could manipulate file names or paths to trick users into executing malicious files or accessing unintended resources.
  • Spoofing attacks could lead to unauthorized disclosure of sensitive information if users are deceived into interacting with malicious content.
  • The vulnerability could be exploited to bypass security controls, leading to further compromise of systems or data within the SharePoint environment.

The CVSS base score of 6.5 indicates a medium severity, with high confidentiality impact but no integrity or availability impact, meaning the primary risk is unauthorized access to sensitive data.

Compliance Impact

This vulnerability could affect compliance with several standards and regulations, depending on the data handled by the affected SharePoint environment:

  • GDPR: If the SharePoint environment stores or processes personal data of EU citizens, this vulnerability could lead to unauthorized access or disclosure of that data. Under GDPR, organizations must implement appropriate security measures to protect personal data, and failure to address this vulnerability could result in non-compliance and potential fines.
  • HIPAA: For organizations handling protected health information (PHI) in the U.S., this vulnerability could lead to unauthorized access to PHI. HIPAA requires safeguards to ensure the confidentiality and integrity of PHI, and exploitation of this vulnerability could violate those requirements.
  • Other standards like ISO 27001 or NIST frameworks require organizations to manage risks related to information security. Failure to patch or mitigate this vulnerability could result in non-compliance with these standards.

Organizations should assess the risk posed by this vulnerability in the context of their specific compliance obligations and take appropriate remediation steps.

Mitigation Strategies

To mitigate CVE-2026-54108, apply the latest security updates provided by Microsoft for Microsoft Office SharePoint. Refer to the official Microsoft update guide for the specific patch related to this vulnerability.

  • Ensure all SharePoint servers are updated to the latest version or apply the relevant security patches as soon as they are available.
  • Monitor Microsoft's Security Update Guide for any additional guidance or workarounds related to this vulnerability.
  • Restrict network access to SharePoint servers to trusted users and systems until the patch is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54108. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart