Microsoft has updated its advisory for a critical remote code execution vulnerability in SharePoint, now assessed as exploitable by unauthenticated attackers, prompting its addition to CISA's Known Exploited Vulnerabilities catalogue. The March 2026 security release also patches three additional SharePoint RCE flaws. CERT-EU strongly recommends prioritizing the immediate update of all SharePoint servers, especially internet-facing assets.
On 17 March 2026, Microsoft updated one of its January 2026 security advisories related to a remote code execution vulnerability in Microsoft SharePoint. Specifically, Microsoft raised the CVSS score and changed the FAQ section to indicate that the vulnerability could be exploited by an unauthenticated attacker. This vulnerability was added in the CISA's Known Exploited Vulnerabilities (KEV) catalogue on 18 March 2026. Additionally, three further RCE flaws affecting Microsoft SharePoint were addressed in the March 2026 release. CERT-EU strongly recommends updating SharePoint servers as soon as possible, prioritising internet-facing assets. CERT-EU also encourages IT administrators to take necessary remediation actions.