CVE-2026-20947
published 2026-01-13CVE-2026-20947: Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_sharepoint_enterprise_server_2016 | >= 16.0.0 < 16.0.5535.1001 | 16.0.5535.1001 |
| microsoft | microsoft_sharepoint_server_2019 | >= 16.0.0 < 16.0.10417.20083 | 16.0.10417.20083 |
| microsoft | microsoft_sharepoint_server_subscription_edition | >= 16.0.0 < 16.0.19127.20442 | 16.0.19127.20442 |
| microsoft | sharepoint_server | < 16.0.19127.20442 | 16.0.19127.20442 |
| microsoft | sharepoint_server | — | — |
| microsoft | sharepoint_server | — | — |
| msrc | microsoft_sharepoint_enterprise_server_2016 | — | — |
| msrc | microsoft_sharepoint_server_2019 | — | — |
| msrc | microsoft_sharepoint_server_subscription_edition | — | — |