Home

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

PUBLISHED Reserved 2026-05-18 | Published 2026-06-01 | Updated 2026-06-05 | Assigner microsoft




HIGH: 8.0CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

16.0.0 (custom) before 16.0.5552.1002
affected

16.0.0 (custom) before 16.0.10417.20128
affected

16.0.0 (custom) before 16.0.19725.20280
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294 (Microsoft SharePoint Server Remote Code Execution Vulnerability) vendor-advisory patch

cve.org (CVE-2026-47294)

nvd.nist.gov (CVE-2026-47294)

Download JSON