CVE-2026-40357

Microsoft · Office SharePoint

An insecure deserialization vulnerability in Microsoft Office SharePoint allows an authenticated attacker to execute arbitrary code over the network.

Executive summary

A critical deserialization vulnerability in Microsoft Office SharePoint allows an authenticated attacker to execute arbitrary code remotely.

Vulnerability

This is a deserialization of untrusted data (CWE-502) vulnerability. The CVSS vector (AV:N/AC:L/PR:L/UI:N) indicates that an attacker with low-level privileges (authenticated user) can exploit this vulnerability over the network to gain unauthorized code execution.

Business impact

Successful exploitation allows an authenticated attacker to execute code with the permissions of the SharePoint service, which often has high-level system access. Given the CVSS score of 8.8, this vulnerability poses a significant threat to data integrity, confidentiality, and system availability, potentially leading to a full compromise of the SharePoint environment.

Remediation

Immediate Action: Apply the latest security patches for Microsoft SharePoint Server as specified in the Microsoft Security Update Guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40357).

Proactive Monitoring: Monitor SharePoint server logs for unusual deserialization activities or unauthorized network requests targeting server-side interfaces.

Compensating Controls: Implement strict network segmentation and ensure that the SharePoint service account is running with the principle of least privilege to limit the impact of a potential compromise.

Exploitation status

Public Exploit Available: No (exploit_available: false).

Analyst recommendation

Organizations running SharePoint must treat this vulnerability with high urgency. Patching is critical to prevent authenticated attackers from elevating their privileges and gaining control over the SharePoint server infrastructure.