CVE-2023-24955
Microsoft SharePoint Server Code Injection Vulnerability
CVSS
—
No CVSS
EPSS
85.4%
p100
KEV
YES
Mar 26, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
85.4%EPSS · 30 days85.4%
2026-06-302026-07-16
Product
Microsoft / SharePoint Server
Vulnerability
Microsoft SharePoint Server Code Injection Vulnerability
Added to KEV
Mar 26, 2024
Remediate by
Apr 16, 2024
Known ransomware use
Yes
Summary description
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955; https://nvd.nist.gov/vuln/detail/CVE-2023-24955
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2023-29357—99.9%
KEV—80Microsoft SharePoint Server Privilege Escalation Vulnerability—CVE-2026-32201—97.5%
KEV—79Microsoft SharePoint Server Improper Input Validation Vulnerability—CVE-2026-561645.3 MED92.0%
KEV—78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability2dCVE-2026-456598.8 HIG86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability14d