CVE-2026-40365 – Microsoft SharePoint Server Remote Code Execution Vulnerability

A critical remote code execution vulnerability exists in Microsoft SharePoint Server due to insufficient granularity of access control. An authenticated attacker with low privileges, such as a Site Owner role, could exploit the flaw to inject and execute arbitrary code remotely on the SharePoint Server.
CVSS Score: 8.8
SEVERITY: Critical
THREAT:
This vulnerability could allow authenticated attackers to remotely execute arbitrary code on affected SharePoint servers. Successful exploitation may lead to server compromise, unauthorized access to business data, malware deployment, and disruption of collaboration services.

EXPLOITS:
At the time of publication, Microsoft reports that the vulnerability was not publicly disclosed and was not exploited in the wild. Exploit Code Maturity is listed as Unproven, and exploitation is assessed as Less Likely.

TECHNICAL SUMMARY:
CVE-2026-40365 is caused by insufficient granularity of access control in Microsoft Office SharePoint. The vulnerability allows an authenticated attacker with low privileges to write arbitrary code and trigger remote execution on the SharePoint Server. Microsoft states that a user with at least Site Owner permissions could exploit the flaw in a network-based attack.
The vulnerability has a network attack vector, low attack complexity, requires low privileges, and does not require user interaction. Confidentiality, integrity, and availability impacts are all rated High.

EXPLOITABILITY:
Affected software is Microsoft SharePoint Server, including SharePoint Server 2016 and SharePoint Enterprise Server 2016 using the same KB update. Exploitation requires an authenticated account with at least Site Owner privileges.

BUSINESS IMPACT:
SharePoint environments often store sensitive documents, internal communications, project data, and business workflows. A successful compromise could expose confidential information, disrupt collaboration platforms, and provide attackers with a foothold inside the enterprise network.

WORKAROUND:
No mitigations or workarounds are listed. Organizations should apply the official Microsoft security update for affected SharePoint environments as soon as possible.

URGENCY:
This vulnerability should be treated as a high-priority patching issue because it enables remote code execution on SharePoint servers using only low-level authenticated access. Collaboration platforms are frequently targeted because they contain valuable business data and often integrate with broader enterprise systems.