CVE-2026-35439

Microsoft · Office SharePoint

A deserialization vulnerability in Microsoft Office SharePoint allows an authenticated attacker to achieve remote code execution over a network.

Executive summary

A critical deserialization vulnerability in Microsoft Office SharePoint allows an authenticated attacker to execute arbitrary code, posing a severe risk of full system compromise.

Vulnerability

The vulnerability stems from the deserialization of untrusted data (CWE-502). An authenticated attacker can leverage this flaw to execute code over the network, effectively bypassing standard security controls.

Business impact

With a CVSS score of 8.8, this vulnerability is highly severe. Successful exploitation allows an attacker with low-level access to gain total control over the SharePoint server, facilitating lateral movement, data theft, and potential ransomware deployment within the corporate network.

Remediation

Immediate Action: Apply the relevant security updates provided by Microsoft in the MSRC update guide for CVE-2026-35439.

Proactive Monitoring: Monitor SharePoint server logs for suspicious process spawning or anomalous network traffic originating from the SharePoint application pool identity.

Compensating Controls: Ensure that SharePoint instances are not exposed directly to the internet and enforce strict network segmentation to limit the impact of a potential compromise.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the high CVSS score and the critical nature of SharePoint in enterprise environments, patching this vulnerability must be treated as a high-priority task. Administrators should verify their SharePoint versions against the affected ranges and apply the vendor patches immediately.