Microsoft Office SharePoint Allows Malicious Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

Microsoft Office SharePoint Allows Malicious Code Execution

CVE-2026-26106

Summary

An attacker with permission to use a SharePoint site can run malicious code on other people's computers. This can happen if they send a specially crafted document to a user who opens it. To protect your organization, update Microsoft Office SharePoint to the latest version or block SharePoint sites that allow users to upload and share files.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
microsoft	sharepoint_server	<= 16.0.19725.20076	–
microsoft	sharepoint_server	2016	–
microsoft	sharepoint_server	2019	–

Original title

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Original description

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

nvd CVSS3.1 8.8

Vulnerability type

CWE-20 Improper Input Validation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26106

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026