How many vulnerabilities affect Sharepoint?

There are currently 632 known vulnerabilities (CVEs) affecting Sharepoint tracked in the Strobes VI database.

Are there exploits available for Sharepoint vulnerabilities?

Some vulnerabilities affecting Sharepoint have known public exploits. Check individual CVE pages for exploit details and mitigation guidance.

How should I prioritize Sharepoint vulnerabilities?

Prioritize based on Strobes Priority Score, which combines CVSS severity, EPSS exploitation probability, exploit availability, and patch status. Focus first on vulnerabilities with high Priority Scores and available exploits.

Sharepoint Vulnerabilities

Known vulnerabilities affecting Sharepoint products and systems

Total: 632 vulnerabilitiesPage 1

CVE ID	Description	CVSS	Priority	Trend	Exploit	Patch
CVE-2026-40368	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.0	584	Neutral	No	Yes
CVE-2026-40365	Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	545	Neutral	No	Yes
CVE-2026-40357	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	673	Neutral	No	Yes
CVE-2026-35439	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	673	Neutral	No	Yes
CVE-2026-33112	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	673	Neutral	No	Yes
CVE-2026-33110	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	673	Neutral	No	Yes
CVE-2026-32201	Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.	6.5	598	Neutral	Yes	Yes
CVE-2026-26114	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	775	Neutral	Yes	Yes
CVE-2026-26113	Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.	7.8	431	Neutral	No	Yes
CVE-2026-26106	Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	630	Neutral	No	Yes
CVE-2026-26105	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.	9.3	676	Neutral	No	Yes
CVE-2026-21511	Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.	7.5	514	Neutral	No	Yes
CVE-2026-21260	Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.	7.5	450	Neutral	No	Yes
CVE-2026-20963	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	9.8	819	Neutral	Yes	Yes
CVE-2026-20959	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.	5.4	223	Neutral	No	Yes
CVE-2026-20958	Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.	5.4	250	Neutral	No	Yes
CVE-2026-20951	Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.	7.8	517	Neutral	No	Yes
CVE-2026-20948	Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.	7.8	431	Neutral	No	Yes
CVE-2026-20947	Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	673	Neutral	No	Yes
CVE-2026-20945	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.	5.4	223	Neutral	No	Yes

Showing 1 - 20 of 632

CVE ID	Description	CVSS	Priority	Trend	Exploit	Patch

CVE ID

Description

CVSS

Priority

Trend

Exploit

Patch

CVE-2026-40368

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.0

584

Neutral

Yes

CVE-2026-40365

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8

545

Neutral

Yes

CVE-2026-40357

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8

673

Neutral

Yes

CVE-2026-35439

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8

673

Neutral

Yes

CVE-2026-33112

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8

673

Neutral

Yes

CVE-2026-33110

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8

673

Neutral

Yes

CVE-2026-32201

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

6.5

598

Neutral

Yes

CVE-2026-26114

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8

775

Neutral

Yes

CVE-2026-26113

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8

431

Neutral

Yes

CVE-2026-26106

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8

630

Neutral

Yes

CVE-2026-26105

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

9.3

676

Neutral

Yes

CVE-2026-21511

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

7.5

514

Neutral

Yes

CVE-2026-21260

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

7.5

450

Neutral

Yes

CVE-2026-20963

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

9.8

819

Neutral

Yes

CVE-2026-20959

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

5.4

223

Neutral

Yes

CVE-2026-20958

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

5.4

250

Neutral

Yes

CVE-2026-20951

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

7.8

517

Neutral

Yes

CVE-2026-20948

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8

431

Neutral

Yes

CVE-2026-20947

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8

673

Neutral

Yes

CVE-2026-20945

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

5.4

223

Neutral

Yes

Sharepoint Vulnerabilities

Ready for Agentic Automated Testing?

Sharepoint Vulnerabilities