https://aretiq.ai/tags/cve-2026-45454/Recent content in Cve-2026-45454 on Aretiq AIHugoen-usWed, 10 Jun 2026 00:00:00 +0000https://aretiq.ai/research/vul260531-cve-2026-45454-microsoft-sharepoint-server-upload-page-folder-path-traversal/Wed, 10 Jun 2026 00:00:00 +0000https://aretiq.ai/research/vul260531-cve-2026-45454-microsoft-sharepoint-server-upload-page-folder-path-traversal/<h2 id="1-overview">1. Overview</h2> <p>A path traversal vulnerability exists in the SharePoint Server file upload page (<code>Upload.aspx</code>). The <code>UploadPage.CurrentFolder</code> property resolves the upload destination from the user-supplied <code>RootFolder</code> query string parameter without validating that the resolved folder belongs to the document library specified by the <code>List</code> parameter. An authenticated attacker with upload permissions to one document library can craft a request that uploads files to a different, restricted document library on the same site — including the Master Page Gallery (<code>_catalogs/masterpage</code>).</p>