Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated network-reachable deserialization yields RCE with no user interaction, giving AV:N/AC:L/PR:N/UI:N and full C:H/I:H/A:H impact within the server's scope.
Primary rating from Vendor (microsoft).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
AnalysisAI
Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) allows an unauthenticated network attacker to run arbitrary code on the server by submitting maliciously crafted serialized data (CWE-502). The CVSS 3.1 base score is 9.8 with a fully remote, no-interaction, no-privilege vector (AV:N/AC:L/PR:N/UI:N), placing it among the most severe SharePoint flaws. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The specific technical prerequisite is that the attacker must be able to reach a vulnerable SharePoint web endpoint over the network and submit untrusted serialized data that the server deserializes (CWE-502) - the deserialization path is the exploitation surface. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals converge on genuine high priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach a SharePoint server over the network sends a crafted HTTP request containing a malicious serialized .NET object to a vulnerable endpoint; when SharePoint deserializes it, an embedded gadget chain executes attacker-chosen commands in the context of the SharePoint application pool. From there the attacker drops a web shell or harvests farm credentials to move laterally. … |
| Remediation | Apply the vendor-released Microsoft security update for your SharePoint edition as the primary fix; the exact patched build should be taken from the Microsoft advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58644 (patch confirmed available per vendor, exact fix version not enumerated in the provided data). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all affected SharePoint instances (Enterprise Server 2016, Server 2019, Subscription Edition) and assess network exposure; implement network segmentation or access restrictions on non-critical instances if immediate patching is not feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets
Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Editi
Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated atta
Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) l
Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated netw
Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets
Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacke
Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription
Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer
Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas
Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M
Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized
Same weakness CWE-502 – Deserialization of Untrusted Data
View allSame technique Deserialization
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43779
GHSA-q6cq-5qpf-q237