Jump to the main content block
  1. Home
  2. Information Security
  3. Vulnerability Alert

【Vulnerability Alert】Microsoft SharePoint Server contains two critical security vulnerabilities – 1150312

publish date : 2026-03-13 update date : 2026-03-13

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026031210034040 Publication Time 2026/03/12 10:38
Incident Type ANA-Vulnerability Alert Discovery Time 2026/03/12 10:38
Impact Level Low  
[Subject]
【Vulnerability Alert】Microsoft SharePoint Server contains two critical security vulnerabilities – 1150312
[Content]
Forwarded from TWCERTCC-200-202603-00000010

Microsoft SharePoint Server is an enterprise-level collaboration platform that provides features such as document management and team collaboration, serving as a core platform for enterprise information integration. Recently, Microsoft released advisories for two critical security vulnerabilities (CVE-2026-26106, CVSS: 8.8 and CVE-2026-26114, CVSS: 8.8).

Among them, CVE-2026-26106 is an Improper Input Validation vulnerability that allows an authenticated attacker to execute code over a network. CVE-2026-26114 is a Deserialization of Untrusted Data vulnerability that allows an authenticated attacker to execute code over a network.


(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Microsoft SharePoint Enterprise Server 2016 versions 16.0.0 to 16.0.5543.1000
Microsoft SharePoint Server Subscription Edition versions 16.0.0 to 16.0.10417.20102
Microsoft SharePoint Server 2019 versions 16.0.0 to 16.0.19725.20076
Microsoft SharePoint Server 2019 versions 16.0.0 to 16.0.10417.20102
[Recommended Actions]

Apply the remediation according to the solutions provided on the official website:

【CVE-2026-26106】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26106

【CVE-2026-26114】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26114
[Reference]
1. https://www.twcert.org.tw/tw/cp-169-10761-7d364-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center
Click Num:
Print