CVE-2026-50522
Received Received - Intake

Deserialization Flaw in Microsoft Office SharePoint Enables RCE

Vulnerability report for CVE-2026-50522, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft office_sharepoint *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

The provided context does not include specific detection methods or commands for identifying CVE-2026-50522 on a network or system. Detection typically involves checking for vulnerable versions of Microsoft Office SharePoint and monitoring for unusual deserialization activity, but no explicit guidance is available in the given resources.

For accurate detection steps, refer to Microsoft's official guidance or security tools that scan for SharePoint vulnerabilities.

Executive Summary

CVE-2026-50522 is a vulnerability in Microsoft Office SharePoint that involves the deserialization of untrusted data. Deserialization is a process where data received over a network or from an untrusted source is converted back into an object or data structure. In this case, the vulnerability allows an unauthorized attacker to manipulate this process to execute arbitrary code on the affected system remotely.

The vulnerability does not require any privileges or user interaction to exploit, meaning an attacker can trigger it over a network without needing access to the target system or any user credentials.

Impact Analysis

This vulnerability can have severe impacts if exploited, including:

  • Remote Code Execution (RCE): An attacker can execute arbitrary code on the affected SharePoint server, potentially taking full control of the system.
  • Data Breach: The attacker could access, modify, or delete sensitive data stored in SharePoint, leading to data leaks or loss.
  • Network Compromise: The attacker could use the compromised SharePoint server as a pivot point to launch further attacks within the network.
  • Service Disruption: The attacker could disrupt SharePoint services, causing downtime or loss of productivity for users relying on the platform.

Given the CVSS base score of 9.8 (Critical), this vulnerability poses a high risk to organizations using the affected versions of Microsoft Office SharePoint.

Compliance Impact

This vulnerability can significantly impact compliance with various standards and regulations, including:

  • GDPR (General Data Protection Regulation): If the vulnerability leads to unauthorized access or exposure of personal data, it could result in a data breach. GDPR requires organizations to protect personal data and report breaches within 72 hours. Failure to do so can lead to significant fines (up to 4% of global revenue or €20 million, whichever is higher).
  • HIPAA (Health Insurance Portability and Accountability Act): For organizations handling protected health information (PHI), exploitation of this vulnerability could lead to unauthorized access to PHI. HIPAA requires safeguards to protect PHI, and breaches can result in fines and legal consequences.
  • ISO 27001: This standard requires organizations to implement security controls to protect information assets. A vulnerability like this, if unpatched, could indicate a failure to meet the requirements for vulnerability management and risk assessment.
  • NIST Cybersecurity Framework: The framework emphasizes identifying, protecting, detecting, responding to, and recovering from cybersecurity threats. Exploitation of this vulnerability could indicate gaps in these areas, particularly in protective measures and risk management.

Organizations must patch this vulnerability promptly to avoid potential compliance violations and the associated legal, financial, and reputational risks.

Mitigation Strategies

Based on the provided context, the following immediate steps are recommended to mitigate CVE-2026-50522:

  • Apply the latest security updates from Microsoft for Microsoft Office SharePoint. Refer to the Microsoft Update Guide for the specific patch related to CVE-2026-50522.
  • Restrict network access to SharePoint servers to trusted sources only, if possible, to reduce exposure to potential attacks.
  • Monitor network traffic and logs for signs of exploitation attempts, such as unusual deserialization requests.
  • Follow Microsoft's official mitigation guidance, which may include additional workarounds or configuration changes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50522. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart