CVE-2026-50522
Microsoft · SharePoint
A deserialization vulnerability in Microsoft SharePoint allows an unauthenticated attacker to execute code over a network.
Executive summary
An unauthenticated remote code execution vulnerability exists in Microsoft SharePoint due to improper deserialization of untrusted data.
Vulnerability
The application is susceptible to a deserialization of untrusted data vulnerability (CWE-502). An unauthenticated attacker can send specially crafted data to the SharePoint server to execute code.
Business impact
The CVSS score of 9.8 underscores the gravity of this flaw. Exploitation could lead to full administrative control over the SharePoint environment, exposing sensitive organizational documents, facilitating data exfiltration, and compromising the entire SharePoint infrastructure.
Remediation
Immediate Action: Apply the latest security patches provided by Microsoft for the affected SharePoint versions to address the deserialization flaw.
Proactive Monitoring: Review SharePoint server logs for suspicious deserialization activity or unusual web requests that may suggest an attempt to inject malicious serialized objects.
Compensating Controls: Implement strict input validation at the Web Application Firewall (WAF) level to block potentially malicious serialized payloads before they reach the SharePoint application.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
Given the critical nature of this vulnerability and the potential for total system compromise, patching is mandatory. Organizations should prioritize updating their SharePoint installations to the patched versions immediately to secure their collaborative environments.