CVE-2026-47298— Microsoft SharePoint Server Remote Code Execution Vulnerability
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | 16.0.0< 16.0.5556.1005 | affected |
| Microsoft | Microsoft SharePoint Server 2019 | 16.0.0< 16.0.10417.20153 | affected |
| Microsoft | Microsoft SharePoint Server Subscription Edition | 16.0.0< 16.0.19725.20384 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-47298
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Microsoft SharePoint Server Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Office SharePoint 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Office SharePoint是美国微软(Microsoft)公司的一个企业内容协作与文档管理平台。 Microsoft Office SharePoint存在授权问题漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Microsoft SharePoint Enterprise Server 2016,Microsoft SharePoint Server 2019,Microsoft SharePoint Server Subscription Edition。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | 16.0.0 ~ 16.0.5556.1005 | - | |
| Microsoft | Microsoft SharePoint Server 2019 | 16.0.0 ~ 16.0.10417.20153 | - | |
| Microsoft | Microsoft SharePoint Server Subscription Edition | 16.0.0 ~ 16.0.19725.20384 | - |
II. Public POCs for CVE-2026-47298
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-47298
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-47298 (1)
Same Patch Batch · Microsoft · 2026-06-09 · 200 CVEs total
| CVE-2026-26142 | 9.8 CRITICAL | Nuance PowerScribe Remote Code Execution Vulnerability |
| CVE-2026-47291 | 9.8 CRITICAL | HTTP.sys Remote Code Execution Vulnerability |
| CVE-2026-45657 | 9.8 CRITICAL | Windows Kernel Remote Code Execution Vulnerability |
| CVE-2026-47643 | 9.8 CRITICAL | Azure Stack Edge Remote Code Execution Vulnerability |
| CVE-2026-44815 | 9.8 CRITICAL | DHCP Client Service Remote Code Execution Vulnerability |
| CVE-2026-42904 | 9.6 CRITICAL | Windows TCP/IP Elevation of Privilege Vulnerability |
| CVE-2026-47281 | 9.6 CRITICAL | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2026-45602 | 9.1 CRITICAL | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability |
| CVE-2026-40371 | 8.8 HIGH | Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability |
| CVE-2026-45648 | 8.8 HIGH | Windows Active Directory Domain Services Remote Code Execution Vulnerability |
| CVE-2026-47653 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-42985 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-32193 | 8.8 HIGH | Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability |
| CVE-2026-47289 | 8.8 HIGH | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-45504 | 8.8 HIGH | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2026-45484 | 8.8 HIGH | Microsoft SharePoint Elevation of Privilege Vulnerability |
| CVE-2026-45461 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45474 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45463 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45607 | 8.4 HIGH | Windows Hyper-V Remote Code Execution Vulnerability |
Showing top 20 of 200 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Microsoft SharePoint Enterprise Server 2016
- CVE-2026-48560
Microsoft SharePoint Server Spoofing Vulnerability - CVE-2026-48562
Microsoft SharePoint Server Spoofing Vulnerability - CVE-2026-45484
Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2026-45481
Microsoft SharePoint Server Spoofing Vulnerability - CVE-2026-47640
Microsoft SharePoint Server Spoofing Vulnerability
Same vendor: Microsoft
- CVE-2026-47645
Microsoft 365 Copilot's Business Chat Elevation of Privilege - CVE-2026-48582
Microsoft Exchange Online Elevation of Privilege Vulnerabili - CVE-2026-50519
Microsoft Visual Studio Code CoPilot Chat Security Feature B - CVE-2026-48584
Microsoft Azure Synapse Elevation of Privilege Vulnerability - CVE-2026-42895
Microsoft Copilot Tampering Vulnerability
Same weakness: CWE-285
- CVE-2026-48089
DevGuard has improper authorization on public assets - CVE-2026-49338
Subsonic API: any authenticated user can delete or read any - CVE-2026-20190
Cisco Identity Services Engine Information Disclosure Vulner - CVE-2026-12213
hcengineering Huly Platform User Information operations.ts g - CVE-2026-47342
Apache OFBiz: Privilege Escalation via updateOrRemove Author
V. Comments for CVE-2026-47298
No comments yet