CVE-2026-20951
published 2026-01-13CVE-2026-20951: Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_sharepoint_enterprise_server_2016 | >= 16.0.0 < 16.0.5535.1001 | 16.0.5535.1001 |
| microsoft | microsoft_sharepoint_server_2019 | >= 16.0.0 < 16.0.10417.20083 | 16.0.10417.20083 |
| microsoft | microsoft_sharepoint_server_subscription_edition | >= 16.0.0 < 16.0.19127.20442 | 16.0.19127.20442 |
| microsoft | sharepoint_server | < 16.0.19127.20442 | 16.0.19127.20442 |
| microsoft | sharepoint_server | — | — |
| microsoft | sharepoint_server | — | — |
| msrc | microsoft_sharepoint_enterprise_server_2016 | — | — |
| msrc | microsoft_sharepoint_server_2019 | — | — |
| msrc | microsoft_sharepoint_server_subscription_edition | — | — |