Microsoft SharePoint Server Information Disclosure Vulnerability via Server-Side Request Forgery

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Microsoft Office SharePoint. This vulnerability allows an authorized attacker to disclose information over a network. The issue arises from outbound requests that SharePoint makes on behalf of the attacker, potentially exposing external HTTP responses or basic network metadata, but not internal network content or sensitive server information.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing an attacker to access some sensitive data returned from outbound requests made by SharePoint, such as external HTTP responses or basic network metadata.

Remediation

Users can download the security update for Microsoft SharePoint Server Subscription Edition, SharePoint Server 2019, or SharePoint Enterprise Server 2016 from the Microsoft Update Catalog. Instructions for downloading the security update are available on the Microsoft Support website.

Added: Jan 13, 2026, 7:01 PM
Updated: Jan 13, 2026, 7:01 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.