Microsoft Sharepoint Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Sharepoint Server.
Recent Microsoft Sharepoint Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-40357 | CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability | May 12, 2026 |
| CVE-2026-33112 | CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability | May 12, 2026 |
| CVE-2026-35439 | CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability | May 12, 2026 |
| CVE-2026-40365 | CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability | May 12, 2026 |
| CVE-2026-40368 | CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability | May 12, 2026 |
| CVE-2026-33110 | CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability | May 12, 2026 |
| CVE-2026-32201 | CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability | April 14, 2026 |
| CVE-2026-20945 | CVE-2026-20945 Microsoft SharePoint Server Spoofing Vulnerability | April 14, 2026 |
| CVE-2026-26114 | CVE-2026-26114 Microsoft SharePoint Server Remote Code Execution Vulnerability | March 10, 2026 |
| CVE-2026-26106 | CVE-2026-26106 Microsoft SharePoint Server Remote Code Execution Vulnerability | March 10, 2026 |
By the Year
In 2026 there have been 20 vulnerabilities in Microsoft Sharepoint Server with an average score of 7.8 out of ten. Last year, in 2025 Sharepoint Server had 35 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Sharepoint Server in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.21
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 20 | 7.76 |
| 2025 | 35 | 7.97 |
| 2024 | 21 | 7.20 |
| 2023 | 27 | 7.53 |
| 2022 | 29 | 7.76 |
| 2021 | 53 | 7.09 |
| 2020 | 121 | 6.63 |
| 2019 | 48 | 6.78 |
| 2018 | 56 | 5.95 |
It may take a day or so for new Sharepoint Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Sharepoint Server Security Vulnerabilities
May 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40367
8.4 - High
- May 12, 2026
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40365
8.8 - High
- May 12, 2026
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Insufficient Granularity of Access Control
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40357
8.8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-33112
8.8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-33110
8.8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-40368
8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-35439
8.8 - High
- May 12, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Apr 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-32201
6.5 - Medium
- April 14, 2026
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Improper Input Validation
Apr 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-20945
4.6 - Medium
- April 14, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Mar 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-26106
8.8 - High
- March 10, 2026
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper Input Validation
Mar 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-26113
8.4 - High
- March 10, 2026
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Mar 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-26105
8.1 - High
- March 10, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
XSS
Feb 2026: Microsoft Outlook Spoofing Vulnerability
CVE-2026-21511
7.5 - High
- February 10, 2026
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
Marshaling, Unmarshaling
Feb 2026: Microsoft Outlook Spoofing Vulnerability
CVE-2026-21260
7.5 - High
- February 10, 2026
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
Information Disclosure
Jan 2026: Microsoft SharePoint Information Disclosure Vulnerability
CVE-2026-20958
5.4 - Medium
- January 13, 2026
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
SSRF
Jan 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-20947
8.8 - High
- January 13, 2026
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
SQL Injection
Jan 2026: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2026-20963
9.8 - Critical
- January 13, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
Marshaling, Unmarshaling
Jan 2026: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-20959
4.6 - Medium
- January 13, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Jan 2026: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-20951
7.8 - High
- January 13, 2026
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Improper Input Validation
Jan 2026: Microsoft Office Click-To-Run Remote Code Execution Vulnerability
CVE-2026-20943
7 - High
- January 13, 2026
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Path
Dec 2025: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-64672
8.8 - High
- December 09, 2025
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
XSS
Nov 2025: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-62204
8 - High
- November 11, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Oct 2025: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-59237
8.8 - High
- October 14, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Oct 2025: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-59228
8.8 - High
- October 14, 2025
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper Input Validation
Sep 2025: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-54897
8.8 - High
- September 09, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53733
8.4 - High
- August 12, 2025
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Incorrect Conversion between Numeric Types
Aug 2025: Microsoft Word Information Disclosure Vulnerability
CVE-2025-53736
6.8 - Medium
- August 12, 2025
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Buffer Over-read
Aug 2025: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-49712
8.8 - High
- August 12, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Aug 2025: Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2025-53760
7.1 - High
- August 12, 2025
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
SSRF
Jul 2025: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-53771
6.5 - Medium
- July 20, 2025
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
authentification
Jul 2025: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-53770
9.8 - Critical
- July 20, 2025
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
Marshaling, Unmarshaling
Jul 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-49703
7.8 - High
- July 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2025: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-49704
8.8 - High
- July 08, 2025
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Code Injection
Jul 2025: Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-49706
6.5 - Medium
- July 08, 2025
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
authentification
Jul 2025: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-49701
8.8 - High
- July 08, 2025
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
AuthZ
Jul 2025: Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-47994
7.8 - High
- July 08, 2025
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
Marshaling, Unmarshaling
Jun 2025: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47166
8.8 - High
- June 10, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Jun 2025: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47172
8.8 - High
- June 10, 2025
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
SQL Injection
Jun 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47169
7.8 - High
- June 10, 2025
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47168
7.8 - High
- June 10, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Jun 2025: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47163
8.8 - High
- June 10, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
May 2025: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30378
7 - High
- May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Marshaling, Unmarshaling
May 2025: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30382
7.8 - High
- May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Marshaling, Unmarshaling
May 2025: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30384
7.4 - High
- May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Marshaling, Unmarshaling
May 2025: Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2025-29976
7.8 - High
- May 13, 2025
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
Improper Privilege Management
Apr 2025: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-29793
7.2 - High
- April 08, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Apr 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-29820
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27746
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Apr 2025: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-29794
8.8 - High
- April 08, 2025
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
AuthZ
Apr 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-27747
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Sharepoint Server or by Microsoft? Click the Watch button to subscribe.
