8.8
CVE-2026-35439
- EPSS 2.03%
- Veröffentlicht 12.05.2026 16:58:35
- Zuletzt bearbeitet 13.05.2026 20:53:04
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Sharepoint Server SwEditionsubscription Version < 16.0.19725.20280
Microsoft ≫ Sharepoint Server Version2016 SwEditionenterprise
Microsoft ≫ Sharepoint Server Version2019
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.03% | 0.785 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439