CVE-2026-26114
On 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulnerability could be exploited by an unauthenticated attacker. This vulnerability was added in the CISA's Known Exploited Vulnerabilities (KEV) catalogue on 18 March 2026. Additionally, three further RCE flaws affecting Microsoft SharePoint were addressed in the March 2026 release. CERT-EU strongly recommends updating SharePoint servers as soon as possible, prioritising internet-facing assets. CERT-EU also encourages IT administrators to take necessary remediation actions.
CSIRTS triage
- What
- A remote code execution vulnerability can be exploited by unauthenticated attackers.
- Who is affected
- Deployments of Microsoft SharePoint are affected, especially internet-facing assets.
- Urgency
- Remediation is critical due to the high CVSS score and active exploitation.
- Action
- Update SharePoint servers as soon as possible.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-26114
Get an email if CVE-2026-26114 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Moderate exploitation risk2.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 82% of all EPSS-scored CVEs.
Advisory coverage (1)
- critical2026-004: Critical Vulnerability in SharePoint Exploitedcert-eu · 2026-03-25
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-26114)