Vulnerability-Lookup

CVE-2026-47294 (GCVE-0-2026-47294)

Vulnerability from cvelistv5 – Published: 2026-06-01 18:26 – Updated: 2026-06-19 16:13

Title

Microsoft SharePoint Server Remote Code Execution Vulnerability

Summary

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Severity

8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5552.1002 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10417.20128 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.19725.20280 (custom)

Date Public

2026-05-29 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T03:56:03.046940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T13:03:55.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5552.1002",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20128",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.19725.20280",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5552.1002",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10417.20128",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.19725.20280",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-05-29T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T16:13:22.155Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294"
        }
      ],
      "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-47294",
    "datePublished": "2026-06-01T18:26:43.315Z",
    "dateReserved": "2026-05-18T23:53:33.897Z",
    "dateUpdated": "2026-06-19T16:13:22.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-47294",
      "date": "2026-06-25",
      "epss": "0.00638",
      "percentile": "0.4591"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-47294\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-06-01T19:16:53.897\",\"lastModified\":\"2026-06-03T18:42:52.503\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\",\"versionEndExcluding\":\"16.0.19725.20280\",\"matchCriteriaId\":\"E9919927-DE08-4AE4-B9F6-2A83117EE14A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"F815EF1D-7B60-47BE-9AC2-2548F99F10E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-47294\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-02T03:56:03.046940Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-02T13:03:53.295Z\"}}], \"cna\": {\"title\": \"Microsoft SharePoint Server Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Enterprise Server 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.5552.1002\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.10417.20128\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server Subscription Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.19725.20280\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2026-05-29T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294\", \"name\": \"Microsoft SharePoint Server Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5552.1002\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.10417.20128\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.19725.20280\", \"versionStartIncluding\": \"16.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-06-19T16:13:22.155Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-47294\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-19T16:13:22.155Z\", \"dateReserved\": \"2026-05-18T23:53:33.897Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-06-01T18:26:43.315Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0681

Vulnerability from certfr_avis - Published: 2026-06-02 - Updated: 2026-06-02

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	SharePoint Server 2019	Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20128
Microsoft	SharePoint Server Subscription Edition	Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20280
Microsoft	Azure Linux	azl3 gnutls 3.8.3-8 versions antérieures à 3.8.3-11
Microsoft	SharePoint Enterprise Server 2016	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5552.1002

References

Title

Publication Time

FKIE_CVE-2026-47294

Vulnerability from fkie_nvd - Published: 2026-06-01 19:16 - Updated: 2026-06-17 20:17

Severity

8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	sharepoint_server	*
microsoft	sharepoint_server	2016
microsoft	sharepoint_server	2019

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5552.1002",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20128",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.19725.20280",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "secure@microsoft.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
              "matchCriteriaId": "E9919927-DE08-4AE4-B9F6-2A83117EE14A",
              "versionEndExcluding": "16.0.19725.20280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."
    }
  ],
  "id": "CVE-2026-47294",
  "lastModified": "2026-06-17T20:17:21.773",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-47294",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-06-02T03:56:03.046940Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-06-01T19:16:53.897",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    }
  ]
}

GHSA-CHP7-CGWG-984J

Vulnerability from github – Published: 2026-06-01 21:30 – Updated: 2026-06-01 21:30

Details

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Severity

8.0 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-47294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T19:16:53Z",
    "severity": "HIGH"
  },
  "details": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.",
  "id": "GHSA-chp7-cgwg-984j",
  "modified": "2026-06-01T21:30:44Z",
  "published": "2026-06-01T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47294"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-47294

Vulnerability from csaf_microsoft - Published: 2026-05-12 07:00 - Updated: 2026-06-10 07:00

Summary

Microsoft SharePoint Server Remote Code Execution Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-47294

8.0 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Microsoft SharePoint Enterprise Server 2016 16.0.5552.1002 Microsoft SharePoint Enterprise Server 2016		16.0.5552.1002
Microsoft SharePoint Server 2019 16.0.10417.20128 Microsoft SharePoint Server 2019		16.0.10417.20128
Microsoft SharePoint Server Subscription Edition 16.0.19725.20280 Microsoft SharePoint Server Subscription Edition		16.0.19725.20280

Known affected 3 products

Product	Version	Remediation
Microsoft SharePoint Server Subscription Edition <16.0.19725.20280 Microsoft SharePoint Server Subscription Edition	<16.0.19725.20280	Vendor Fix fix
Microsoft SharePoint Server 2019 <16.0.10417.20128 Microsoft SharePoint Server 2019	<16.0.10417.20128	Vendor Fix fix
Microsoft SharePoint Enterprise Server 2016 <16.0.5552.1002 Microsoft SharePoint Enterprise Server 2016	<16.0.5552.1002	Vendor Fix fix

Threats

Impact Remote Code Execution

Exploit Status Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

Oleksandr Mirosh

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Oleksandr Mirosh"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294"
      },
      {
        "category": "self",
        "summary": "CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-47294.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2026-06-10T07:00:00.000Z",
      "generator": {
        "date": "2026-06-17T18:31:10.683Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-47294",
      "initial_release_date": "2026-05-12T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-29T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-05-29T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published. This CVE was addressed by updates that were released in May 2026, but the CVE was inadvertently omitted from the May 2026 Security Updates. This is an informational change only. Customers who have already installed the May 2026 updates do not need to take any further action."
        },
        {
          "date": "2026-06-10T07:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Updated an acknowledgement. This is an informational change only."
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5552.1002",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 \u003c16.0.5552.1002",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5552.1002",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 16.0.5552.1002",
              "product_id": "10950"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Enterprise Server 2016"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.10417.20128",
            "product": {
              "name": "Microsoft SharePoint Server 2019 \u003c16.0.10417.20128",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.10417.20128",
            "product": {
              "name": "Microsoft SharePoint Server 2019 16.0.10417.20128",
              "product_id": "11585"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server 2019"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.19725.20280",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition \u003c16.0.19725.20280",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.19725.20280",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition 16.0.19725.20280",
              "product_id": "11961"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server Subscription Edition"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-47294",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.",
          "title": "According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?"
        },
        {
          "category": "faq",
          "text": "In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.",
          "title": "How could an attacker exploit the vulnerability?"
        },
        {
          "category": "faq",
          "text": "Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.",
          "title": "I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?"
        }
      ],
      "product_status": {
        "fixed": [
          "10950",
          "11585",
          "11961"
        ],
        "known_affected": [
          "1",
          "2",
          "3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294"
        },
        {
          "category": "self",
          "summary": "CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-47294.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-29T07:00:00.000Z",
          "details": "16.0.5552.1002:Security Update:https://support.microsoft.com/help/5002868",
          "product_ids": [
            "3"
          ],
          "url": "https://support.microsoft.com/help/5002868"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-29T07:00:00.000Z",
          "details": "16.0.10417.20128:Security Update:https://support.microsoft.com/help/5002870",
          "product_ids": [
            "2"
          ],
          "url": "https://support.microsoft.com/help/5002870"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-29T07:00:00.000Z",
          "details": "16.0.19725.20280:Security Update:https://support.microsoft.com/help/5002863",
          "product_ids": [
            "1"
          ],
          "url": "https://support.microsoft.com/help/5002863"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
    }
  ]
}

WID-SEC-W-2026-1764

Vulnerability from csaf_certbund - Published: 2026-06-01 22:00 - Updated: 2026-06-01 22:00

Summary

Microsoft SharePoint: Schwachstelle ermöglicht Codeausführung

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Microsoft Sharepoint ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. über Webseiten zur Verfügung gestellt.

Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Microsoft SharePoint Server ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme: - Windows

CVE-2026-47294

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Microsoft SharePoint Server 2016 <16.0.5552.1002 Microsoft / SharePoint Server 2016		<16.0.5552.1002
Microsoft SharePoint Server Subscription Edition <16.0.19725.20280 Microsoft / SharePoint		Server Subscription Edition <16.0.19725.20280
Microsoft SharePoint Server 2019 <16.0.10417.20128 Microsoft / SharePoint Server 2019		<16.0.10417.20128

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/vulnerabi…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Microsoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Microsoft SharePoint Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1764 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1764.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1764 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1764"
      },
      {
        "category": "external",
        "summary": "Microsoft Security Update Guide vom 2026-06-01",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47294"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft SharePoint: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2026-06-01T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-02T09:02:25.231+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1764",
      "initial_release_date": "2026-06-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Server Subscription Edition \u003c16.0.19725.20280",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition \u003c16.0.19725.20280",
                  "product_id": "T054927"
                }
              },
              {
                "category": "product_version",
                "name": "Server Subscription Edition 16.0.19725.20280",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition 16.0.19725.20280",
                  "product_id": "T054927-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition__16.0.19725.20280"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c16.0.5552.1002",
                "product": {
                  "name": "Microsoft SharePoint Server 2016 \u003c16.0.5552.1002",
                  "product_id": "T054929"
                }
              },
              {
                "category": "product_version",
                "name": "16.0.5552.1002",
                "product": {
                  "name": "Microsoft SharePoint Server 2016 16.0.5552.1002",
                  "product_id": "T054929-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint_server_2016:16.0.5552.1002"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c16.0.10417.20128",
                "product": {
                  "name": "Microsoft SharePoint Server 2019 \u003c16.0.10417.20128",
                  "product_id": "T054926"
                }
              },
              {
                "category": "product_version",
                "name": "16.0.10417.20128",
                "product": {
                  "name": "Microsoft SharePoint Server 2019 16.0.10417.20128",
                  "product_id": "T054926-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint_server_2019:16.0.10417.20128"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint Server 2019"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-47294",
      "product_status": {
        "known_affected": [
          "T054929",
          "T054927",
          "T054926"
        ]
      },
      "release_date": "2026-06-01T22:00:00.000+00:00",
      "title": "CVE-2026-47294"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-47294 (GCVE-0-2026-47294)

CERTFR-2026-AVI-0681

Solutions

FKIE_CVE-2026-47294

GHSA-CHP7-CGWG-984J

MSRC_CVE-2026-47294

WID-SEC-W-2026-1764

Tags

Sightings

Nomenclature