CVE-2026-33110
Microsoft · SharePoint
Deserialization of untrusted data in Microsoft SharePoint allows an authorized attacker to execute arbitrary code over a network.
Executive summary
An authenticated remote code execution vulnerability in Microsoft SharePoint poses a critical risk to internal infrastructure by allowing attackers to execute arbitrary code with server-level privileges.
Vulnerability
This is a deserialization vulnerability (CWE-502) in Microsoft SharePoint. An attacker with low-level authenticated access can leverage this flaw to achieve remote code execution (RCE) over the network.
Business impact
The CVSS score of 8.8 (High) reflects the severity of this vulnerability, as it allows for full system compromise if exploited successfully. Successful exploitation could lead to total loss of confidentiality, integrity, and availability of the SharePoint environment, potentially serving as a pivot point for further lateral movement within the corporate network.
Remediation
Immediate Action: Update to the patched versions provided by Microsoft in the security update guide: SharePoint 2016 (16.0.5552.1002), SharePoint 2019 (16.0.10417.20128), or Subscription Edition (16.0.19725.20280).
Proactive Monitoring: Audit SharePoint server logs for unusual process execution or unauthorized deserialization attempts.
Compensating Controls: Ensure strict access control lists (ACLs) are applied to limit the number of users who can interact with the vulnerable SharePoint interfaces.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the potential for remote code execution, organizations should prioritize the deployment of the vendor-supplied security patches to all affected SharePoint instances immediately. Failure to patch leaves the internal SharePoint infrastructure vulnerable to compromise by any authenticated user.