Cyber Resilience

CVE-2026-26106

High

Published: 10 March 2026

Published
10 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0137 68.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-26106 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 31.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-26106 is an improper input validation vulnerability (CWE-20) affecting Microsoft Office SharePoint. Published on 2026-03-10, it enables an authorized attacker to execute code over a network, earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges (PR:L), such as an authenticated user, can exploit this vulnerability remotely (AV:N) with low complexity and no user interaction required. Successful exploitation allows arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26106 provides details on patches and mitigation guidance.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an improper input validation flaw in Microsoft Office SharePoint enabling remote arbitrary code execution for low-privileged authenticated users over the network, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21344Same product: Microsoft Sharepoint Server
CVE-2026-32201Same product: Microsoft Sharepoint Server
CVE-2025-59228Same product: Microsoft Sharepoint Server
CVE-2025-59237Same product: Microsoft Sharepoint Server
CVE-2025-49712Same product: Microsoft Sharepoint Server
CVE-2026-26114Same product: Microsoft Sharepoint Server
CVE-2026-20947Same product: Microsoft Sharepoint Server
CVE-2026-33112Same product: Microsoft Sharepoint Server
CVE-2025-21348Same product: Microsoft Sharepoint Server
CVE-2026-40368Same product: Microsoft Sharepoint Server

Affected Assets

microsoft
sharepoint server
2016, 2019 · ≤ 16.0.19725.20076

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates information input validation mechanisms to prevent exploitation of the improper input validation flaw in Microsoft Office SharePoint.

prevent

Requires timely flaw remediation, such as applying patches for CVE-2026-26106, to eliminate the vulnerability enabling remote code execution.

detect

Vulnerability scanning identifies improper input validation issues like CVE-2026-26106 in SharePoint for proactive remediation.

References