Critical SharePoint Vulnerability Exploited, Update Recommended
On March 17, 2026, Microsoft updated a January 2026 security advisory concerning a remote code execution vulnerability in SharePoint. Microsoft increased the CVSS score and updated the FAQ, noting the vulnerability could be exploited by unauthenticated attackers. It was added to CISA's Known Exploited Vulnerabilities (KEV) catalogue on March 18, 2026.
On March 17, 2026, Microsoft updated a January 2026 security advisory concerning a remote code execution vulnerability in SharePoint. Microsoft increased the CVSS score and updated the FAQ, noting the vulnerability could be exploited by unauthenticated attackers. It was added to CISA's Known Exploited Vulnerabilities (KEV) catalogue on March 18, 2026.
Furthermore, three additional RCE flaws impacting Microsoft SharePoint were addressed in the March 2026 release. CERT-EU strongly advises updating SharePoint servers promptly, especially internet-facing assets. IT administrators are urged to implement necessary remediation actions without delay.