Threat Advisory

SharePoint Remote Code Execution Flaw Lets Attackers Run Code on Server

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities affecting Microsoft SharePoint Enterprise Server 2016 versions The bug affects on-premises SharePoint Server builds prior to the May 2026 security update have been identified in Microsoft SharePoint Enterprise Server 2016, affecting the product's overall risk and impact. The vulnerabilities were patched in the May 2026 security update, but prior to this update, on-premises SharePoint Server builds were affected.

CVE-2026-33112 (CVSS 8.8 — High · CVSSv3): A low-privilege user can run code on the server through a remote code execution flaw in Microsoft SharePoint Server.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities affecting Microsoft SharePoint Enterprise Server 2016 versions The bug affects on-premises SharePoint Server builds prior to the May 2026 security update have been identified in Microsoft SharePoint Enterprise Server 2016, affecting the product's overall risk and impact. The vulnerabilities were patched in the May 2026 security update, but prior to this update, on-premises SharePoint Server builds were affected.

CVE-2026-33112 (CVSS 8.8 — High · CVSSv3): A low-privilege user can run code on the server through a remote code execution flaw in Microsoft SharePoint Server.[emaillocker id="1283"]

CVE-2025-53770: An attacker abuses XSD schema imports to bypass the fix for an earlier bug and smuggle a forbidden type past the validator, leading to code execution. These vulnerabilities collectively present a significant risk to corporate intranets that rely on SharePoint. Administrators should apply the May 2026 update without delay and review Microsoft’s official advisory for build numbers. These vulnerabilities collectively present a significant risk to corporate intranets that rely on SharePoint.

These vulnerabilities collectively present a significant risk to corporate intranets that rely on SharePoint.

RECOMMENDATION:

We recommend you to update Microsoft SharePoint Enterprise Server 2016 to version 16.0.5552.1002.

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu