Detections
Analytics
Security Updates for Microsoft SharePoint Server Subscription Edition (April 2026)
medium Nessus Plugin ID 306457
Synopsis
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing a security update.Description
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:- Spoofing vulnerabilities (CVE-2026-20945, CVE-2026-32201)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Microsoft has released security updates to address this issue.See Also
Plugin Details
Severity: Medium
ID: 306457
File Name: smb_nt_ms26_apr_office_sharepoint_subscr.nasl
Version: 1.1
Type: Local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 4/14/2026
Updated: 4/14/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2026-32201
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Information
CPE: cpe:/a:microsoft:sharepoint_server:subscription
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Patch Publication Date: 4/14/2026
Vulnerability Publication Date: 4/14/2026
Reference Information
CVE: CVE-2026-20945, CVE-2026-32201
MSFT: MS26-5002853
MSKB: 5002853