Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Published: 2026-05-12
Score: 8.8 High
EPSS: 1.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a deserialization of untrusted data flaw (CWE-502) in Microsoft Office SharePoint. An attacker holding a low-privileged authenticated account can submit a crafted serialized payload over the network and execute arbitrary code on the server. Code execution in the SharePoint application's security context can lead to full compromise of the SharePoint server, exposure of the content it stores, lateral movement into the surrounding environment, and impact on other applications connected to the same infrastructure.

Affected Systems

The CPE entries recorded for this CVE cover SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. No version ranges are listed in the CNA data, so treat every build of these products as affected until a Microsoft update that names this CVE is installed.

Risk and Exploitability

The CVSS 3.1 base score of 8.8 (High) comes from the vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: the flaw is reachable over the network with low attack complexity and no user interaction, but it requires a low-privileged authenticated account (PR:L), and a successful exploit gives full control of confidentiality, integrity and availability on the server. The page lists an EPSS of 1.1% (low), the issue is not in the CISA KEV catalog, the SSVC assessment records Exploitation: none and Automatable: no, and the temporal metrics carry E:U (exploit unproven), so there is no indication of public exploitation at the time of writing. The attack path is network traffic to the SharePoint instance from any valid user account, not only an administrator: an insider, or an adversary holding a phished or reused SharePoint credential, already satisfies the precondition. The authentication requirement lowers the risk in an environment with tightly managed accounts and no internet exposure, but once an attacker has such an account the outcome is server compromise.

Generated by OpenCVE AI on May 12, 2026 at 19:14 UTC.

Remediation

No vendor fix or workaround is recorded on this page. The Microsoft-assigned CVSS vector does carry RL:O (official fix available), so check the Microsoft Security Response Center advisory for CVE-2026-40357 for the applicable update before relying on mitigations alone.

OpenCVE Recommended Actions

  • Apply the latest security update from Microsoft that addresses this deserialization flaw (see the Microsoft Security Advisory for CVE-2026-40357); the RL:O in the CVSS vector indicates an official fix exists.
  • Restrict network access to the SharePoint instance: keep it off the public internet, place it behind a firewall or in an internal segment, and allow only trusted IP ranges. Because the flaw needs only a low-privileged account (PR:L), also review who holds SharePoint accounts and require multi-factor authentication for them.
  • Enable logging and monitor for deserialization failures (for example SerializationException entries at Unexpected or High level in the ULS logs) and for anomalous authenticated POST activity. A successful payload may produce no error at all, so pair log alerts with endpoint detection on the SharePoint worker process, such as w3wp.exe spawning cmd.exe or powershell.exe.
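A worked example for the monitoring step above, added here and not part of the OpenCVE page or any Microsoft tooling: it parses ULS-format log text (the tab-separated Timestamp, Process, TID, Area, Category, EventID, Level, Message, Correlation layout that SharePoint writes and Merge-SPLogFile exports), keeps alert-level entries whose message names a .NET deserialization sink or exception, and groups them by correlation ID so each suspicious request surfaces once. The sample lines are constructed, and the indicator list is generic .NET deserialization vocabulary (an assumption), not a signature for the undisclosed code path behind CVE-2026-40357.

```python
"""Triage a SharePoint ULS log export for .NET deserialization failures.

Added example, not OpenCVE or Microsoft code. Assumptions: the input is
ULS-format text (tab-separated Timestamp, Process, TID, Area, Category,
EventID, Level, Message, Correlation), and the indicator list is generic
.NET deserialization terminology rather than a CVE-2026-40357 signature.
"""
import re
from collections import defaultdict
from datetime import datetime

ULS_FIELDS = ("timestamp", "process", "tid", "area", "category",
              "event_id", "level", "message", "correlation")

# Generic .NET deserialization sinks and the exception they raise on bad
# input (assumption: not specific to this CVE). Malformed or failed payloads
# usually surface as SerializationException; a successful payload may not.
INDICATORS = re.compile(
    r"SerializationException|BinaryFormatter|LosFormatter"
    r"|ObjectStateFormatter|SoapFormatter|NetDataContractSerializer",
    re.IGNORECASE,
)

# ULS severities worth alerting on; Verbose/Medium chatter is skipped.
ALERT_LEVELS = {"High", "Unexpected", "Critical"}

CORR_A = "5f2c1d60-1111-4000-8000-000000000001"
CORR_B = "5f2c1d60-2222-4000-8000-000000000002"
CORR_C = "5f2c1d60-3333-4000-8000-000000000003"

# Constructed sample lines (not real telemetry). Request B fails while
# deserializing; A is a normal page load; C is an unrelated exception.
SAMPLE_ULS = "\n".join("\t".join(f) for f in [
    ("05/13/2026 10:15:22.17", "w3wp.exe (0x1A2C)", "0x0F3D",
     "SharePoint Foundation", "Monitoring", "nasq", "Verbose",
     "Entering monitored scope (Request (GET:http://sp.corp.example/sites/hr/default.aspx))",
     CORR_A),
    ("05/13/2026 10:15:23.04", "w3wp.exe (0x1A2C)", "0x0F3D",
     "SharePoint Foundation", "Monitoring", "b4ly", "Medium",
     "Leaving monitored scope (Request (GET:http://sp.corp.example/sites/hr/default.aspx)). Execution Time=41.2",
     CORR_A),
    ("05/13/2026 10:16:05.88", "w3wp.exe (0x1A2C)", "0x1C21",
     "SharePoint Foundation", "General", "8nca", "Unexpected",
     "System.Runtime.Serialization.SerializationException: Binary stream '0' does not contain a valid BinaryHeader.",
     CORR_B),
    ("05/13/2026 10:16:05.91", "w3wp.exe (0x1A2C)", "0x1C21",
     "SharePoint Foundation", "General", "8nca", "High",
     "   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream)",
     CORR_B),
    ("05/13/2026 10:17:40.12", "w3wp.exe (0x1A2C)", "0x0F3D",
     "SharePoint Foundation", "General", "8nca", "Unexpected",
     "System.ArgumentException: Value does not fall within the expected range.",
     CORR_C),
])


def parse_ts(value):
    """ULS timestamps are mm/dd/yyyy HH:MM:SS.ff; parse for correct ordering."""
    return datetime.strptime(value, "%m/%d/%Y %H:%M:%S.%f")


def parse_uls(text):
    """Parse ULS lines into dicts; skip the header row and malformed lines."""
    events = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) < len(ULS_FIELDS) or parts[0] == "Timestamp":
            continue
        events.append(dict(zip(ULS_FIELDS, parts)))
    return events


def flag_deserialization(events, levels=ALERT_LEVELS):
    """Return {correlation_id: [events]} for alert-level deserialization hits."""
    hits = defaultdict(list)
    for ev in events:
        if ev["level"] in levels and INDICATORS.search(ev["message"]):
            hits[ev["correlation"]].append(ev)
    return dict(hits)


def summarize(hits):
    """One row per suspicious request, oldest first, ready for a SIEM or ticket."""
    rows = []
    for corr, evs in sorted(hits.items(), key=lambda kv: parse_ts(kv[1][0]["timestamp"])):
        rows.append({
            "correlation": corr,
            "first_seen": evs[0]["timestamp"],
            "process": evs[0]["process"],
            "events": len(evs),
            "sample": evs[0]["message"][:120],
        })
    return rows


if __name__ == "__main__":
    for row in summarize(flag_deserialization(parse_uls(SAMPLE_ULS))):
        print(row)
```

Feed it the output of Merge-SPLogFile (or the raw LOGS directory files) from every web front end, then use the correlation ID of each hit to pull the full request from IIS logs, which show the authenticated user and source address that ULS omits. Treat an absence of hits as weak evidence only: a payload that deserializes cleanly raises no exception, which is why the recommendation above pairs this with process-level detection on w3wp.exe.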

Generated by OpenCVE AI on May 12, 2026 at 19:14 UTC.


Advisories

No advisories yet.

History

Wed, 13 May 2026 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*

Wed, 13 May 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Title Microsoft SharePoint Server Remote Code Execution Vulnerability
First Time appeared Microsoft
Microsoft sharepoint Server
Microsoft sharepoint Server 2016
Microsoft sharepoint Server 2019
Weaknesses CWE-502
CPEs cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*
cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft sharepoint Server
Microsoft sharepoint Server 2016
Microsoft sharepoint Server 2019
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-02T23:17:08.271Z

Reserved: 2026-04-11T23:06:15.613Z

Link: CVE-2026-40357

Vulnrichment

Updated: 2026-05-13T09:59:08.578Z

NVD

Status : Analyzed

Published: 2026-05-12T18:17:14.413

Modified: 2026-05-13T20:48:58.907

Link: CVE-2026-40357

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T00:45:25Z

Weaknesses