Cyber Resilience

CVE-2026-26114

HighRCE

Published: 10 March 2026

Published
10 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0241 82.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-26114 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-26114 is a deserialization of untrusted data vulnerability (CWE-502) in Microsoft Office SharePoint. Published on 2026-03-10T18:18:40.413, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An authorized attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation allows remote code execution, compromising confidentiality, integrity, and availability at a high level (C:H/I:H/A:H) within the unchanged security scope (S:U).

Mitigation details are available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2026-26114 is a deserialization vulnerability in Microsoft Office SharePoint enabling remote code execution, directly mapping to exploitation of a public-facing web application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-59237Same product: Microsoft Sharepoint Server
CVE-2025-49712Same product: Microsoft Sharepoint Server
CVE-2026-33112Same product: Microsoft Sharepoint Server
CVE-2026-40368Same product: Microsoft Sharepoint Server
CVE-2025-53770Same product: Microsoft Sharepoint Server
CVE-2026-35439Same product: Microsoft Sharepoint Server
CVE-2026-45659Same product: Microsoft Sharepoint Server
CVE-2026-33110Same product: Microsoft Sharepoint Server
CVE-2026-40357Same product: Microsoft Sharepoint Server
CVE-2025-54897Same product: Microsoft Sharepoint Server

Affected Assets

microsoft
sharepoint server
2016, 2019

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely flaw remediation through patching the specific deserialization vulnerability in Microsoft Office SharePoint to prevent remote code execution.

prevent

Enforces validation of untrusted data inputs to block deserialization of malicious payloads by authorized low-privilege attackers over the network.

prevent

Implements memory protections such as ASLR and DEP to mitigate exploitation of deserialization flaws leading to remote code execution.

References