[Vulnerability Alert] 2 Critical Security Vulnerabilities Found in Microsoft SharePoint Server

• Subject Explanation: [Vulnerability Alert] 2 Critical Security Vulnerabilities Found in Microsoft SharePoint Server

• Content Description:
  • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000010
  • Microsoft SharePoint Server is an enterprise-level collaboration platform providing document management, team collaboration, and other features, serving as a core platform for enterprise information integration. Recently, Microsoft released an advisory for 2 critical security vulnerabilities (CVE-2026-26106, CVSS: 8.8 and CVE-2026-26114, CVSS: 8.8).
  • Among them, CVE-2026-26106 is an Improper Input Validation vulnerability, allowing an authorized attacker to execute code over the network; CVE-2026-26114 is an Untrusted Data Deserialization vulnerability, allowing an authorized attacker to execute code over the network.
• Impacted Platforms:
  • Microsoft SharePoint Enterprise Server 2016 versions from 16.0.0 to 16.0.55431000
  • Microsoft SharePoint Server Subscription Edition versions from 16.0.0 to 16.0.10417.20102
  • Microsoft SharePoint Server 2019 versions from 16.0.0 to 16.0.19725.20076
  • Microsoft SharePoint Server 2019 versions from 16.0.0 to 16.0.10417.20102
• Suggested Measures:
  • Please patch according to the solutions released on the official website:
  • [CVE-2026-26106] https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26106
  • [CVE-2026-26114] https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26114
• References:
  1. https://www.twcert.org.tw/tw/cp-169-10761-7d364-1.html

Computer and Communication Center
Network Systems Division