VDB

GCVE-110-NCSC-2026-144

GCVE-110-NCSC-2026-144
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published May 12, 2026
A deserialization vulnerability in Microsoft Office SharePoint allows an authorized attacker to remotely execute code over a network by processing untrusted data.

Weaknesses (CWE)

CWE-502Deserialization of Untrusted DataCWE-1220Insufficient Granularity of Access ControlCWE-822Untrusted Pointer DereferenceCWE-552Files or Directories Accessible to External PartiesCWE-125Out-of-bounds ReadCWE-122Heap-based Buffer OverflowCWE-416Use After FreeCWE-73External Control of File Name or PathCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›