Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
| Vendor | Product | Versions |
|---|---|---|
| microsoft | sharepoint_server | 16.0.0, 16.0.0, 16.0.0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| microsoft | microsoft sharepoint server subscription edition | mitre_affected | 90% |
| microsoft | microsoft sharepoint | mitre_affected | 90% |
Updated affected versions and patch availability, added new CWE IDs and CVE tags.
Updated exploit availability to true and noted that the patch was inadvertently left out of the June 2026 release.
Initial creation