{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26114", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-02-11T15:52:13.910Z", "datePublished": "2026-03-10T17:05:04.827Z", "dateUpdated": "2026-04-14T16:36:09.266Z"}, "containers": {"cna": {"title": "Microsoft SharePoint Server Remote Code Execution Vulnerability", "datePublic": "2026-03-10T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.5543.1000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.10417.20102"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.5543.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server 2019", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.10417.20102", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-502: Deserialization of Untrusted Data", "lang": "en-US", "type": "CWE", "cweId": "CWE-502"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:09.266Z"}, "references": [{"name": "Microsoft SharePoint Server Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-26114"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T03:55:53.796Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26114", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T19:55:14.531211Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T19:55:48.854Z"}}], "cna": {"title": "Microsoft SharePoint Server Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.0.5543.1000", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server 2019", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.0.10417.20102", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2026-03-10T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114", "name": "Microsoft SharePoint Server Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "versionEndExcluding": "16.0.5543.1000", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "16.0.10417.20102", "versionStartIncluding": "16.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:09.266Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26114", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:36:09.266Z", "dateReserved": "2026-02-11T15:52:13.910Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-03-10T17:05:04.827Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."}, {"lang": "es", "value": "La deserializaci\u00f3n de datos no confiables en Microsoft Office SharePoint permite a un atacante autorizado ejecutar c\u00f3digo a trav\u00e9s de una red."}], "id": "CVE-2026-26114", "lastModified": "2026-03-13T17:07:21.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-03-10T18:18:40.413", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0,16.0.5543.1000)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SharePoint Enterprise Server 2016", "source": "cna", "vendor": "Microsoft"}, "product": "sharepoint_server_2016", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0,16.0.10417.20102)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SharePoint Server 2019", "source": "cna", "vendor": "Microsoft"}, "product": "sharepoint_server_2019", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-03-20T15:57:21.867584+00:00", "value": {"mitigation_remediation": ["Apply the latest Microsoft security update for SharePoint Server 2016 and 2019 from the Microsoft Update Catalog or Microsoft Security Response Center.", "Verify that the update has been successfully installed and the vulnerable deserialization path is mitigated.", "If a patch cannot be applied immediately, restrict network access to SharePoint servers and limit authenticated user capabilities to reduce the attack surface.", "Monitor SharePoint logs for unexpected deserialization activity or anomalous requests that may indicate an attempted exploit."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected products are Microsoft SharePoint Enterprise Server 2016 and Microsoft SharePoint Server 2019. No specific patch versions are listed in the CNA data, so all installations of these products are potentially vulnerable until patched.", "description_and_impact": "The vulnerability arises from the deserialization of untrusted data in Microsoft SharePoint environments. An attacker that has authorized access can supply crafted serialized content that is automatically processed by SharePoint, leading to arbitrary code execution. This allows the attacker to compromise confidentiality, integrity, and availability of the affected SharePoint instance and potentially the entire domain.", "risk_and_exploitability": "The CVSS base score of 8.8 indicates a high severity. The EPSS score is less than 1%, suggesting that current exploitation attempts are rare, and the vulnerability is not present in the CISA KEV catalog. Based on the description, the likely attack vector requires an authenticated user or service account with network access to send malicious input over standard SharePoint interfaces, enabling the exploitation of the deserialization flaw."}}}}, "created": "2026-03-11T11:45:48.301535+00:00", "updated": "2026-03-23T09:55:37.343160+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$sharepoint_server_2016", "microsoft$PRODUCT$sharepoint_server_2019"]}