CVE-2026-33110

Microsoft · SharePoint

Deserialization of untrusted data in Microsoft SharePoint allows an authorized attacker to execute arbitrary code over a network.

Executive summary

An authenticated remote code execution vulnerability in Microsoft SharePoint poses a critical risk to internal infrastructure by allowing attackers to execute arbitrary code with server-level privileges.

Vulnerability

This is a deserialization vulnerability (CWE-502) in Microsoft SharePoint. An attacker with low-level authenticated access can leverage this flaw to achieve remote code execution (RCE) over the network.

Business impact

The CVSS score of 8.8 (High) reflects the severity of this vulnerability, as it allows for full system compromise if exploited successfully. Successful exploitation could lead to total loss of confidentiality, integrity, and availability of the SharePoint environment, potentially serving as a pivot point for further lateral movement within the corporate network.

Remediation

Immediate Action: Update to the patched versions provided by Microsoft in the security update guide: SharePoint 2016 (16.0.5552.1002), SharePoint 2019 (16.0.10417.20128), or Subscription Edition (16.0.19725.20280).

Proactive Monitoring: Audit SharePoint server logs for unusual process execution or unauthorized deserialization attempts.

Compensating Controls: Ensure strict access control lists (ACLs) are applied to limit the number of users who can interact with the vulnerable SharePoint interfaces.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the potential for remote code execution, organizations should prioritize the deployment of the vendor-supplied security patches to all affected SharePoint instances immediately. Failure to patch leaves the internal SharePoint infrastructure vulnerable to compromise by any authenticated user.