CVE-2026-33112

Microsoft · Office SharePoint

Microsoft Office SharePoint is vulnerable to remote code execution due to the insecure deserialization of untrusted data.

Executive summary

An authenticated remote code execution vulnerability in Microsoft SharePoint allows attackers to compromise server integrity via deserialization of untrusted data.

Vulnerability

This is a deserialization of untrusted data vulnerability (CWE-502). The attacker must be authenticated to trigger the vulnerable function, but once authenticated, they can execute arbitrary code over the network.

Business impact

With a CVSS score of 8.8, this vulnerability allows for total system compromise, including loss of confidentiality, integrity, and availability. Successful exploitation enables an attacker to move laterally within the network or exfiltrate sensitive documents stored in SharePoint, posing a catastrophic risk to organizational data.

Remediation

Immediate Action: Apply the relevant security updates for your specific SharePoint version as listed in the Microsoft security guidance.

Proactive Monitoring: Monitor for unexpected process creation or unauthorized file system modifications on SharePoint servers.

Compensating Controls: Limit access to SharePoint management interfaces and ensure that service accounts are running with the least privilege necessary.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations must prioritize patching SharePoint environments. Given the potential for remote code execution, this update should be deployed during the next available maintenance window to mitigate the risk of full server takeover.