CVE-2026-35439
Microsoft · Office SharePoint
A deserialization vulnerability in Microsoft Office SharePoint allows an authenticated attacker to achieve remote code execution over a network.
Executive summary
A critical deserialization vulnerability in Microsoft Office SharePoint allows an authenticated attacker to execute arbitrary code, posing a severe risk of full system compromise.
Vulnerability
The vulnerability stems from the deserialization of untrusted data (CWE-502). An authenticated attacker can leverage this flaw to execute code over the network, effectively bypassing standard security controls.
Business impact
With a CVSS score of 8.8, this vulnerability is highly severe. Successful exploitation allows an attacker with low-level access to gain total control over the SharePoint server, facilitating lateral movement, data theft, and potential ransomware deployment within the corporate network.
Remediation
Immediate Action: Apply the relevant security updates provided by Microsoft in the MSRC update guide for CVE-2026-35439.
Proactive Monitoring: Monitor SharePoint server logs for suspicious process spawning or anomalous network traffic originating from the SharePoint application pool identity.
Compensating Controls: Ensure that SharePoint instances are not exposed directly to the internet and enforce strict network segmentation to limit the impact of a potential compromise.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the high CVSS score and the critical nature of SharePoint in enterprise environments, patching this vulnerability must be treated as a high-priority task. Administrators should verify their SharePoint versions against the affected ranges and apply the vendor patches immediately.