CVE-2026-33112
Microsoft · Office SharePoint
Microsoft Office SharePoint is vulnerable to remote code execution due to the insecure deserialization of untrusted data.
Executive summary
An authenticated remote code execution vulnerability in Microsoft SharePoint allows attackers to compromise server integrity via deserialization of untrusted data.
Vulnerability
This is a deserialization of untrusted data vulnerability (CWE-502). The attacker must be authenticated to trigger the vulnerable function, but once authenticated, they can execute arbitrary code over the network.
Business impact
With a CVSS score of 8.8, this vulnerability allows for total system compromise, including loss of confidentiality, integrity, and availability. Successful exploitation enables an attacker to move laterally within the network or exfiltrate sensitive documents stored in SharePoint, posing a catastrophic risk to organizational data.
Remediation
Immediate Action: Apply the relevant security updates for your specific SharePoint version as listed in the Microsoft security guidance.
Proactive Monitoring: Monitor for unexpected process creation or unauthorized file system modifications on SharePoint servers.
Compensating Controls: Limit access to SharePoint management interfaces and ensure that service accounts are running with the least privilege necessary.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations must prioritize patching SharePoint environments. Given the potential for remote code execution, this update should be deployed during the next available maintenance window to mitigate the risk of full server takeover.