CVE-2026-50522 is a Microsoft SharePoint remote code execution vulnerability caused by deserialization of untrusted data. Microsoft rates it Critical with a CVSS v3.1 base score of 9.8 and temporal score of 8.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The attack is network-based, requires no user interaction, and Microsoft’s FAQ indicates an attacker authenticated as at least a Site Owner could write arbitrary code to remotely execute on the SharePoint Server. Microsoft says there is no public disclosure or known exploitation yet, exploit code maturity is unproven, and exploitation is marked as more likely, making this a high-risk issue for network-exposed SharePoint deployments. Highlights: - CVSS scores: Base 9.8 - Temporal 8.5 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely; Exploit Code Maturity: UNPROVEN - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts - Exploitation likelihood: Exploitation More Likely; network attack vector, LOW attack complexity, NO privileges required, and NO user interaction in the CVSS vector, with Microsoft noting remote code execution is possible in a network-based attack by an authenticated Site Owner - Severity for enterprise: Critical. Network-reachable SharePoint servers are high-risk because the vulnerability is remotely exploitable and does not require user interaction; authenticated access at Site Owner level is sufficient per the FAQ - Patch status: available; customer action required Affected systems: - SharePoint Server 2016 - SharePoint Enterprise Server 2016