Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026031210034040 | Publication Time | 2026/03/12 10:38 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/03/12 10:38 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Microsoft SharePoint Server contains two critical security vulnerabilities – 1150312 |
|||
| [Content] Forwarded from TWCERTCC-200-202603-00000010 Microsoft SharePoint Server is an enterprise-level collaboration platform that provides features such as document management and team collaboration, serving as a core platform for enterprise information integration. Recently, Microsoft released advisories for two critical security vulnerabilities (CVE-2026-26106, CVSS: 8.8 and CVE-2026-26114, CVSS: 8.8). Among them, CVE-2026-26106 is an Improper Input Validation vulnerability that allows an authenticated attacker to execute code over a network. CVE-2026-26114 is a Deserialization of Untrusted Data vulnerability that allows an authenticated attacker to execute code over a network. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] Microsoft SharePoint Enterprise Server 2016 versions 16.0.0 to 16.0.5543.1000 Microsoft SharePoint Server Subscription Edition versions 16.0.0 to 16.0.10417.20102 Microsoft SharePoint Server 2019 versions 16.0.0 to 16.0.19725.20076 Microsoft SharePoint Server 2019 versions 16.0.0 to 16.0.10417.20102 |
|||
| [Recommended Actions]
Apply the remediation according to the solutions provided on the official website: 【CVE-2026-26106】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26106 【CVE-2026-26114】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26114 |
|||
| [Reference] 1. https://www.twcert.org.tw/tw/cp-169-10761-7d364-1.html |
|||