Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202603-00000010

[Content Description]
Microsoft SharePoint Server is an enterprise-level collaboration platform that provides file management and team collaboration functions, serving as a core platform for enterprise information integration. Recently, Microsoft released two major cybersecurity vulnerability announcements (CVE-2026-26106, CVSS: 8.8 and CVE-2026-26114, CVSS: 8.8).

CVE-2026-26106 is an input validation vulnerability that allows an authorized attacker to execute code over a network; CVE-2026-26114 is an untrusted data deserialization vulnerability that allows an authorized attacker to execute code over a network.

[Affected Platforms]
Microsoft SharePoint Enterprise Server 2016 versions 16.0.0 to 16.0.55431000
Microsoft SharePoint Server Subion Edition versions 16.0.0 to 16.0.10417.20102
Microsoft SharePoint Server 2019 versions 16.0.0 to 16.0.19725.20076
Microsoft SharePoint Server 2019 versions 16.0.0 to 16.0.10417.20102

[Recommended Actions]
Patch according to the solutions released on the official website:
【CVE-2026-26106】https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26106
【CVE-2026-26114】https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26114

[References]
1. https://www.twcert.org.tw/tw/cp-169-10761-7d364-1.html