Detections
Analytics

Security Updates for Microsoft SharePoint Server 2016 (March 2026)

high Nessus Plugin ID 301779

Synopsis

The Microsoft SharePoint Server 2016 installation on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

 - Remote Code Execution vulnerabilities (CVE-2026-26106, CVE-2026-26113, CVE-2026-26114)
- Spoofing vulnerability in Microsoft SharePoint Server Subscription Edition (CVE-2026-26105)

Note that Nessus has not tested for these issues but instead relies on the application's self-reported version number.

Solution

Microsoft has released security updates to address this issue.

See Also

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26106

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114

https://support.microsoft.com/help/5002850

Plugin Details

Severity: High

ID: 301779

File Name: smb_nt_ms26_mar_office_sharepoint_2016.nasl

Version: 1.1

Type: local

Agent: windows

Published: 3/10/2026

Updated: 3/10/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-26105

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS Score Source: CVE-2026-26113

Vulnerability Information

CPE: cpe:/a:microsoft:sharepoint_server:2016

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 3/10/2026

Vulnerability Publication Date: 3/10/2026

Reference Information

CVE: CVE-2026-26105, CVE-2026-26106, CVE-2026-26113, CVE-2026-26114

MSFT: MS26-5002850

MSKB: 5002850