CVE- 2026-33112 is a high-risk vulnerability (CVSS 8.8) in Microsoft SharePoint Enterprise Server 2016, allowing low-privilege users to execute remote code. No confirmed exploitation has been observed. Microsoft issued patches in May 2026, and users are advised to update to versions 16.0.5552.1002, 16.0.10417.20128, or 16.0.19725.20280. The flaw exploits external XSD schema imports to bypass security checks, which can lead to unauthorized server access. While SharePoint Online does not require actions, on-premises installations must promptly apply the update to prevent potential attacks.
Critical SharePoint Flaw Lets Low Privilege Users Run Remote Code
CyberSIXT Evidence Panel
Article by CyberSIXT