THREATOPS
THREAT OPSThreat News › 2026-004: Critical Vulnerability in SharePoint Exploited

2026-004: Critical Vulnerability in SharePoint Exploited

infocert_euPublished 2026-03-25

On 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulnerability could be exploited by an unauthenticated attacker. This vulnerability was added in the CISA's Known Exploited Vulnerabilities (KEV) catal

MITRE ATT&CK techniques

Original source: https://cert.europa.eu/publications/security-advisories/2026-004/