CVE-2026-58277

Microsoft · SharePoint Enterprise Server

Microsoft SharePoint contains an improper authorization vulnerability that allows an authenticated attacker to elevate their privileges over a network.

Executive summary

An improper authorization flaw in Microsoft SharePoint enables authenticated attackers to escalate privileges, potentially leading to full system compromise.

Vulnerability

This is an improper authorization vulnerability where an authenticated user with low privileges can perform actions or access data beyond their authorized scope. The vulnerability can be exploited over a network.

Business impact

The ability for an authenticated attacker to elevate privileges poses a severe risk to data confidentiality, integrity, and availability. With a CVSS score of 8.8, this vulnerability could allow an attacker to gain administrative control over SharePoint environments, facilitating the theft of sensitive corporate documents or the disruption of critical business workflows.

Remediation

Immediate Action: Apply the relevant security updates provided by Microsoft to reach the patched versions (16.0.5561.1001 for 2016 or 16.0.10417.20175 for 2019).

Proactive Monitoring: Monitor SharePoint audit logs for suspicious privilege escalation attempts or unauthorized access to sensitive site collections.

Compensating Controls: Implement strict access control lists and review user permissions to ensure the principle of least privilege is enforced until patches can be applied.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Privilege escalation vulnerabilities in enterprise infrastructure like SharePoint require immediate attention to prevent unauthorized lateral movement. Security teams should expedite the deployment of the latest security patches to all affected SharePoint instances to mitigate the risk of internal compromise.