CVE-2026-40365
HIGHDescription
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Is your site exposed to CVE-2026-40365?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microsoft | sharepoint_server |
| microsoft | sharepoint_server |
| microsoft | sharepoint_server |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-40365? +
How severe is CVE-2026-40365? +
What products are affected by CVE-2026-40365? +
How do I check if I'm vulnerable to CVE-2026-40365? +
Related Vulnerabilities
A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain …
Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially …
Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application …
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS …
A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through …
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate …