CVE-2026-47294

HIGH

Microsoft Office SharePoint - Remote Code Execution via Untrusted Data Deserialization

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-47294. PoCs published by wnaspy.

AI-analyzed exploit summary The repository contains a ZIP file with obfuscated Python scripts, but no clear exploit code or technical details are provided. The filenames suggest a SharePoint exploit, but the content is heavily obfuscated and lacks legitimate documentation.

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Exploits (1)

github SUSPICIOUS
by wnaspy · pythonpoc
https://github.com/wnaspy/CVE-POC-WEAPON/tree/main/CVE-2026-47294-sharepoint-exploit-kit.zip

The repository contains a ZIP file with obfuscated Python scripts, but no clear exploit code or technical details are provided. The filenames suggest a SharePoint exploit, but the content is heavily obfuscated and lacks legitimate documentation.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft SharePoint (version unspecified)
No auth needed
Prerequisites: Access to a vulnerable SharePoint instance
devstral-2 · analyzed Jun 14, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.0
EPSS 0.0064
EPSS Percentile 45.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (6)
Microsoft/Microsoft SharePoint Enterprise Server 2016 16.0.0 - 16.0.5552.1002
Microsoft/Microsoft SharePoint Server 2019 16.0.0 - 16.0.10417.20128
Microsoft/Microsoft SharePoint Server Subscription Edition 16.0.0 - 16.0.19725.20280
microsoft/sharepoint_server 2016
microsoft/sharepoint_server 2019
microsoft/sharepoint_server < 16.0.19725.20280
Published Jun 01, 2026
Tracked Since Jun 02, 2026