Detections
Analytics
Security Updates for Microsoft SharePoint Server 2016 (March 2026)
critical Nessus Plugin ID 301779
Language:
Synopsis
The Microsoft SharePoint Server 2016 installation on the remote host is affected by multiple vulnerabilities.Description
The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:- Remote Code Execution vulnerabilities (CVE-2026-26106, CVE-2026-26113, CVE-2026-26114)
- Spoofing vulnerability in Microsoft SharePoint Server Subscription Edition (CVE-2026-26105)
Note that Nessus has not tested for these issues but instead relies on the application's self-reported version number.
Solution
Microsoft has released security updates to address this issue.See Also
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26106
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114
Plugin Details
Severity: Critical
ID: 301779
File Name: smb_nt_ms26_mar_office_sharepoint_2016.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 3/10/2026
Updated: 3/16/2026
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.4
Temporal Score: 7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N
CVSS Score Source: CVE-2026-26105
CVSS v3
Risk Factor: Critical
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:sharepoint_server:2016
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 3/10/2026
Vulnerability Publication Date: 3/10/2026
Reference Information
CVE: CVE-2026-26105, CVE-2026-26106, CVE-2026-26113, CVE-2026-26114