CVE-2026-26114: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

6 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_sharepoint_enterprise_server_2016	>= 16.0.0 < 16.0.5543.1000	16.0.5543.1000
microsoft	microsoft_sharepoint_server_2019	>= 16.0.0 < 16.0.10417.20102	16.0.10417.20102
microsoft	sharepoint_server	—	—
microsoft	sharepoint_server	—	—
msrc	microsoft_sharepoint_enterprise_server_2016	—	—
msrc	microsoft_sharepoint_server_2019	—	—