Microsoft Office SharePoint Allows Remote Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

Microsoft Office SharePoint Allows Remote Code Execution

CVE-2026-26114

Summary

An authorized attacker can execute malicious code on your network if they can manipulate data sent to Microsoft Office SharePoint. This could allow them to access or modify sensitive information. Update to the latest version of Microsoft Office SharePoint to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
microsoft	sharepoint_server	2016	–
microsoft	sharepoint_server	2019	–

Original title

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Original description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

nvd CVSS3.1 8.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026