CVE-2026-50522

Microsoft · SharePoint

A deserialization vulnerability in Microsoft SharePoint allows an unauthenticated attacker to execute code over a network.

Executive summary

An unauthenticated remote code execution vulnerability exists in Microsoft SharePoint due to improper deserialization of untrusted data.

Vulnerability

The application is susceptible to a deserialization of untrusted data vulnerability (CWE-502). An unauthenticated attacker can send specially crafted data to the SharePoint server to execute code.

Business impact

The CVSS score of 9.8 underscores the gravity of this flaw. Exploitation could lead to full administrative control over the SharePoint environment, exposing sensitive organizational documents, facilitating data exfiltration, and compromising the entire SharePoint infrastructure.

Remediation

Immediate Action: Apply the latest security patches provided by Microsoft for the affected SharePoint versions to address the deserialization flaw.

Proactive Monitoring: Review SharePoint server logs for suspicious deserialization activity or unusual web requests that may suggest an attempt to inject malicious serialized objects.

Compensating Controls: Implement strict input validation at the Web Application Firewall (WAF) level to block potentially malicious serialized payloads before they reach the SharePoint application.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Given the critical nature of this vulnerability and the potential for total system compromise, patching is mandatory. Organizations should prioritize updating their SharePoint installations to the patched versions immediately to secure their collaborative environments.