CVE-2026-50522 – Microsoft SharePoint Remote Code Execution Vulnerability
“A single vulnerable SharePoint server can become the doorway to an organization's most valuable data.”
A deserialization of untrusted data vulnerability in Microsoft SharePoint allows an attacker to execute arbitrary code over the network. An attacker with at least Site Owner privileges can inject and execute malicious code on the SharePoint Server, potentially leading to complete server compromise. Because this vulnerability affects a widely used collaboration platform and carries a very high CVSS score, it represents a serious risk to organizations using affected SharePoint deployments.
CVSS Score: 9.8
SEVERITY: Critical
THREAT:
This vulnerability enables remote code execution on affected SharePoint servers. A successful attack could allow an attacker to execute arbitrary code, compromise sensitive business data, deploy additional malware, and potentially gain control of the SharePoint environment.
EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as more likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by deserialization of untrusted data (CWE-502) within Microsoft SharePoint. Microsoft states that an attacker authenticated as at least a Site Owner can write arbitrary code that is subsequently executed by the SharePoint Server. The vulnerability is remotely exploitable over the network with low attack complexity and no user interaction required. Successful exploitation can result in complete compromise of the confidentiality, integrity, and availability of the affected server.
EXPLOITABILITY:
Affected products include Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition. Microsoft also confirms that the SharePoint Enterprise Server 2016 update applies to SharePoint Server 2016. Exploitation requires an attacker to have at least Site Owner privileges before injecting malicious code for remote execution.
BUSINESS IMPACT:
A successful attack could provide an attacker with the ability to execute arbitrary code on SharePoint servers, exposing confidential business information, modifying corporate documents, disrupting collaboration services, and establishing a foothold for further attacks within the enterprise network.
WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing the appropriate security updates for all affected SharePoint Server deployments.
URGENCY:
This vulnerability should be deployed urgently because it is rated Critical with a CVSS v3.1 Base Score of 9.8. Although exploitation requires Site Owner privileges, Microsoft assesses exploitation as more likely, and successful exploitation can result in full remote code execution on SharePoint servers.
Key Details
- Affected Product
- Microsoft Sharepoint Server
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-502