Detections
Analytics
Security Updates for Microsoft SharePoint Server Subscription Edition (March 2026)
high Nessus Plugin ID 301775
Synopsis
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing a security update.Description
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:- Remote Code Execution vulnerabilities (CVE-2026-26106, CVE-2026-26113)
- Spoofing vulnerability in Microsoft SharePoint Server Subscription Edition (CVE-2026-26105)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Microsoft has released security updates to address this issue.See Also
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26106
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113
Plugin Details
Severity: High
ID: 301775
File Name: smb_nt_ms26_mar_office_sharepoint_subscr.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 3/10/2026
Updated: 3/10/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2026-26105
CVSS v3
Risk Factor: High
Base Score: 8.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS Score Source: CVE-2026-26113
Vulnerability Information
CPE: cpe:/a:microsoft:sharepoint_server:subscription
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Patch Publication Date: 3/10/2026
Vulnerability Publication Date: 3/10/2026
Reference Information
CVE: CVE-2026-26105, CVE-2026-26106, CVE-2026-26113
MSFT: MS26-5002843
MSKB: 5002843