CVE-2026-40357
Microsoft · Office SharePoint
An insecure deserialization vulnerability in Microsoft Office SharePoint allows an authenticated attacker to execute arbitrary code over the network.
Executive summary
A critical deserialization vulnerability in Microsoft Office SharePoint allows an authenticated attacker to execute arbitrary code remotely.
Vulnerability
This is a deserialization of untrusted data (CWE-502) vulnerability. The CVSS vector (AV:N/AC:L/PR:L/UI:N) indicates that an attacker with low-level privileges (authenticated user) can exploit this vulnerability over the network to gain unauthorized code execution.
Business impact
Successful exploitation allows an authenticated attacker to execute code with the permissions of the SharePoint service, which often has high-level system access. Given the CVSS score of 8.8, this vulnerability poses a significant threat to data integrity, confidentiality, and system availability, potentially leading to a full compromise of the SharePoint environment.
Remediation
Immediate Action: Apply the latest security patches for Microsoft SharePoint Server as specified in the Microsoft Security Update Guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40357).
Proactive Monitoring: Monitor SharePoint server logs for unusual deserialization activities or unauthorized network requests targeting server-side interfaces.
Compensating Controls: Implement strict network segmentation and ensure that the SharePoint service account is running with the principle of least privilege to limit the impact of a potential compromise.
Exploitation status
Public Exploit Available: No (exploit_available: false).
Analyst recommendation
Organizations running SharePoint must treat this vulnerability with high urgency. Patching is critical to prevent authenticated attackers from elevating their privileges and gaining control over the SharePoint server infrastructure.