Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Published: 2026-03-10
Score: 8.8 High
EPSS: 1.4% Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from the deserialization of untrusted data in Microsoft SharePoint environments. An attacker that has authorized access can supply crafted serialized content that is automatically processed by SharePoint, leading to arbitrary code execution. This allows the attacker to compromise confidentiality, integrity, and availability of the affected SharePoint instance and potentially the entire domain.

Affected Systems

The affected products are Microsoft SharePoint Enterprise Server 2016 and Microsoft SharePoint Server 2019. No specific patch versions are listed in the CNA data, so all installations of these products are potentially vulnerable until patched.

Risk and Exploitability

The CVSS base score of 8.8 indicates a high severity. The EPSS score is less than 1%, suggesting that current exploitation attempts are rare, and the vulnerability is not present in the CISA KEV catalog. Based on the description, the likely attack vector requires an authenticated user or service account with network access to send malicious input over standard SharePoint interfaces, enabling the exploitation of the deserialization flaw.

Generated by OpenCVE AI on March 20, 2026 at 15:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Microsoft security update for SharePoint Server 2016 and 2019 from the Microsoft Update Catalog or Microsoft Security Response Center.
  • Verify that the update has been successfully installed and the vulnerable deserialization path is mitigated.
  • If a patch cannot be applied immediately, restrict network access to SharePoint servers and limit authenticated user capabilities to reduce the attack surface.
  • Monitor SharePoint logs for unexpected deserialization activity or anomalous requests that may indicate an attempted exploit.


Advisories

No advisories yet.

History

Fri, 13 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft sharepoint Server
CPEs | | cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*, cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
Vendors & Products | | Microsoft sharepoint Server

Tue, 10 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Title | | Microsoft SharePoint Server Remote Code Execution Vulnerability
First Time appeared | | Microsoft; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
Weaknesses | | CWE-502
CPEs | | cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*, cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-03-27T22:32:55.015Z

Reserved: 2026-02-11T15:52:13.910Z

Link: CVE-2026-26114

Vulnrichment

Updated: 2026-03-10T19:55:48.854Z

NVD

Status: Analyzed

Published: 2026-03-10T18:18:40.413

Modified: 2026-03-13T17:07:21.493

Link: CVE-2026-26114

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:55:37Z

Weaknesses