Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Published: 2026-05-12
Score: 8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves insecure deserialization of untrusted data in Microsoft Office SharePoint. An attacker who has authorized access can cause code to run on the SharePoint server, compromising the confidentiality, integrity, and availability of the affected system. The weakness is classified as CWE-502 (Deserialization of Untrusted Data). This flaw can allow an attacker to execute arbitrary code and gain full control over the server where the SharePoint service is running.

Affected Systems

Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition are impacted by this vulnerability. No specific version details are listed, so all current releases of these products are considered at risk.

Risk and Exploitability

The CVSS score of 8 indicates high severity. No EPSS score is available, so the current probability of exploitation is unknown; absence from the CISA KEV catalog does not by itself reduce the risk. The flaw is exploitable over a network by an attacker who already has authorized access to the SharePoint instance, and the impact of remote code execution makes it a critical threat if an attacker can obtain such access. SharePoint's architecture allows the deserialization process to be triggered by external inputs, so an attacker could prepare a malicious payload and deliver it in a crafted network request.

Generated by OpenCVE AI on May 12, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Microsoft security update for all affected SharePoint Server versions.
  • After applying the update, restart the SharePoint services to ensure the new configuration is active and monitor logs for any deserialization errors.
  • If the update cannot be applied immediately, restrict network access to the SharePoint servers and limit authenticated access to trusted administrative accounts to raise the effort required for an attacker.


Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

Type                 Values Removed   Values Added
Description                           Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Title                                 Microsoft SharePoint Server Remote Code Execution Vulnerability
First Time appeared                   Microsoft; Microsoft sharepoint Server; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
Weaknesses                            CWE-502
CPEs                                  cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*; cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*; cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*
Vendors & Products                    Microsoft; Microsoft sharepoint Server; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
References
Metrics                               cvssV3_1 {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-13T03:57:18.891Z

Reserved: 2026-04-11T23:06:15.614Z

Link: CVE-2026-40368

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-12T18:17:15.900

Modified: 2026-05-12T18:17:15.900

Link: CVE-2026-40368

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T19:30:23Z

Weaknesses