CVE-2026-40357

Daily digests

SharePoint deserializes untrusted data, letting an authenticated attacker execute arbitrary code on the server over the network. Any user with legitimate SharePoint access can trigger this. If you run on-prem SharePoint, this is a serious RCE that only requires a low-privilege account to pull off.

• Patch Tuesday · May 13, 2026

  Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more