CVE-2026-26106
Published: 10 March 2026
Description
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates information input validation mechanisms to prevent exploitation of the improper input validation flaw in Microsoft Office SharePoint.
Requires timely flaw remediation, such as applying patches for CVE-2026-26106, to eliminate the vulnerability enabling remote code execution.
Vulnerability scanning identifies improper input validation issues like CVE-2026-26106 in SharePoint for proactive remediation.
Security SummaryAI
CVE-2026-26106 is an improper input validation vulnerability (CWE-20) affecting Microsoft Office SharePoint. Published on 2026-03-10, it enables an authorized attacker to execute code over a network, earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges (PR:L), such as an authenticated user, can exploit this vulnerability remotely (AV:N) with low complexity and no user interaction required. Successful exploitation allows arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26106 provides details on patches and mitigation guidance.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an improper input validation flaw in Microsoft Office SharePoint enabling remote arbitrary code execution for low-privileged authenticated users over the network, directly mapping to T1190: Exploit Public-Facing Application.