Description
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Published: 2026-06-09
Score: 8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability results from improper authorization in Microsoft Office SharePoint, allowing an attacker with legitimate access to execute code over the network. The flaw permits arbitrary code to run with the privileges of the SharePoint account, potentially compromising the confidentiality, integrity, or availability of the affected servers.

Affected Systems

Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition are impacted. Version details are not specified, so all current releases of these products are potentially vulnerable.

Risk and Exploitability

The CVSS base score of 8 signals a high severity issue. Although the EPSS score is unavailable and the vulnerability is not listed in CISA KEV, the attack vector is network-based and only requires an authorized account. Successful exploitation would grant an attacker full control over the SharePoint server, making this a significant risk for organizations that host sensitive data.

Generated by OpenCVE AI on June 9, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Microsoft patch for CVE-2026-47298 to all affected SharePoint servers.
  • Limit SharePoint user permissions to the least privilege necessary for their roles to reduce impact if compromise occurs.
  • Monitor SharePoint logs for anomalous code execution or privilege escalation activity.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:15:00 +0000

Type | Values Removed | Values Added
Description | | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Title | | Microsoft SharePoint Server Remote Code Execution Vulnerability
First Time appeared | | Microsoft; Microsoft sharepoint Server; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
Weaknesses | | CWE-285
CPEs | | cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*; cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*; cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft sharepoint Server; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
References | |
Metrics | | cvssV3_1: {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T18:04:19.588Z

Reserved: 2026-05-18T23:53:33.897Z

Link: CVE-2026-47298

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:35.050

Modified: 2026-06-09T19:32:51.440

Link: CVE-2026-47298

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:00:19Z

Weaknesses