Cyber Resilience

CVE-2026-35439

HighRCE

Published: 12 May 2026

Published
12 May 2026
Modified
13 May 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0203 78.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-35439 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2026-35439 is a deserialization of untrusted data flaw, tracked as CWE-502, that affects Microsoft Office SharePoint. It received a CVSS 3.1 base score of 8.8 reflecting network attack vector, low attack complexity, and low privileges required.

An authorized attacker can exploit the issue over a network to execute arbitrary code, resulting in high impact to confidentiality, integrity, and availability.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439 supplies official guidance and patches. The associated EPSS score has remained flat at 0.0195 with no material increase observed after disclosure.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Deserialization flaw (CWE-502) directly enables remote code execution on network-accessible SharePoint server, matching T1190 Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-59237Same product: Microsoft Sharepoint Server
CVE-2025-49712Same product: Microsoft Sharepoint Server
CVE-2026-26114Same product: Microsoft Sharepoint Server
CVE-2026-33112Same product: Microsoft Sharepoint Server
CVE-2026-40368Same product: Microsoft Sharepoint Server
CVE-2025-53770Same product: Microsoft Sharepoint Server
CVE-2026-45659Same product: Microsoft Sharepoint Server
CVE-2026-33110Same product: Microsoft Sharepoint Server
CVE-2026-40357Same product: Microsoft Sharepoint Server
CVE-2025-54897Same product: Microsoft Sharepoint Server

Affected Assets

microsoft
sharepoint server
2016, 2019 · ≤ 16.0.19725.20280

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of untrusted serialized data before deserialization, blocking the arbitrary code execution path in SharePoint.

prevent

Mandates timely application of the vendor patch supplied in the MSRC advisory to eliminate the deserialization flaw.

detect

Requires integrity verification of software and information, enabling detection of unauthorized code introduced via the deserialization exploit.

References