CVE-2026-47294

8.0 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network

Published: 2026-06-01 · Last updated: 2026-06-03

Severity and scoring

Vendor	Product
microsoft	sharepoint_server

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Source: NVD

Same vendor

CVE-2026-48579 — Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network (9.1 CRITICAL)
CVE-2026-48567 — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network (10.0 CRITICAL)
CVE-2026-47644 — Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allow... (6.5 MEDIUM)
CVE-2026-45497 — Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to... (7.7 HIGH)
CVE-2026-42824 — Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to di... (6.5 MEDIUM)

Same CWE

CVE-2026-24719 — A command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2026-22893 — A command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2025-66279 — A command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2025-66273 — A command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2026-49959 — Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitr... (8.8 HIGH)