Skip to main content

Microsoft Sharepoint Server Subscription Edition

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-47294 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft SharePoint Server (2016 Enterprise, 2019, and Subscription Edition) allows an authenticated attacker to execute arbitrary code on the server by submitting crafted serialized data that triggers unsafe deserialization. The CVSS 8.0 vector requires low privileges and user interaction, and no public exploit is identified at time of analysis. The flaw is significant because SharePoint servers typically run with high privileges inside enterprise environments and frequently host sensitive collaboration data.

Microsoft Command Injection Deserialization Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 +1
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-47294
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft SharePoint Server (2016 Enterprise, 2019, and Subscription Edition) allows an authenticated attacker to execute arbitrary code on the server by submitting crafted serialized data that triggers unsafe deserialization. The CVSS 8.0 vector requires low privileges and user interaction, and no public exploit is identified at time of analysis. The flaw is significant because SharePoint servers typically run with high privileges inside enterprise environments and frequently host sensitive collaboration data.

Microsoft Command Injection Deserialization +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy