Vulnerability Details CVE-2026-20958
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.8%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2026-20958
-
cpe:2.3:a:microsoft:sharepoint_server:-
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.10417.20003
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17328.20246
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17328.20292
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17328.20362
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17928.20356
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17928.20396
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.18526.20172
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.18526.20286
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.18526.20396
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.18526.20424
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.18526.20508
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.18526.20518
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.19127.20100
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.19127.20262
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.19127.20338
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.19127.20378
-
cpe:2.3:a:microsoft:sharepoint_server:2016
-
cpe:2.3:a:microsoft:sharepoint_server:2019