What is CVE-2021-26420?

CVE-2021-26420 is a vulnerability in Microsoft SharePoint that allows remote attackers to execute arbitrary code on affected installations.

What is the severity of CVE-2021-26420?

The severity of CVE-2021-26420 is high, with a CVSS score of 7.5.

Which versions of Microsoft SharePoint are affected by CVE-2021-26420?

CVE-2021-26420 affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 SP1, and Microsoft SharePoint Server 2019.

How can I fix CVE-2021-26420 in Microsoft SharePoint Enterprise Server 2016?

To fix CVE-2021-26420 in Microsoft SharePoint Enterprise Server 2016, you can apply the patch provided by Microsoft or follow the remediation steps mentioned in the Microsoft knowledge base article.

Where can I find more information about CVE-2021-26420?

You can find more information about CVE-2021-26420 on the Microsoft Security Response Center website and the Zero Day Initiative advisory.

Vulnerability/
CVE-2021-26420

high

8.8

8/6/2021

29/5/2024

3/8/2024

CVE-2021-26420: Microsoft SharePoint WorkflowCompilerInternal Exposed Dangerous Function Remote Code Execution Vulnerability

First published: Tue Jun 08 2021(Updated: )

Microsoft SharePoint Server Remote Code Execution Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft SharePoint Enterprise Server	=2016
Microsoft SharePoint Foundation	=2013-sp1
Microsoft SharePoint Server	=2019
Microsoft SharePoint
Microsoft SharePoint Server 2019		fix available externally
Microsoft SharePoint Enterprise Server 2016		fix available externally
Microsoft SharePoint Foundation 2013		fix available externally

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-26420?
CVE-2021-26420 is a vulnerability in Microsoft SharePoint that allows remote attackers to execute arbitrary code on affected installations.
What is the severity of CVE-2021-26420?
The severity of CVE-2021-26420 is high, with a CVSS score of 7.5.
Which versions of Microsoft SharePoint are affected by CVE-2021-26420?
CVE-2021-26420 affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 SP1, and Microsoft SharePoint Server 2019.
How can I fix CVE-2021-26420 in Microsoft SharePoint Enterprise Server 2016?
To fix CVE-2021-26420 in Microsoft SharePoint Enterprise Server 2016, you can apply the patch provided by Microsoft or follow the remediation steps mentioned in the Microsoft knowledge base article.
Where can I find more information about CVE-2021-26420?
You can find more information about CVE-2021-26420 on the Microsoft Security Response Center website and the Zero Day Initiative advisory.

collector/nvd-index
agent/author
agent/type
agent/first-publish-date
agent/softwarecombine
collector/nvd-api
agent/software-canonical-lookup-request
agent/remedy
agent/references
agent/severity
agent/title
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/zdi-advisory
source/ZDI
alias/ZDI-21-755
alias/ZDI-CAN-13349
alias/CVE-2021-26420
agent/software-canonical-lookup
agent/tags
agent/event
collector/msrc-cve
source/Microsoft
vendor/microsoft
canonical/microsoft sharepoint enterprise server
version/microsoft sharepoint enterprise server/2016
canonical/microsoft sharepoint foundation
version/microsoft sharepoint foundation/2013-sp1
canonical/microsoft sharepoint server
version/microsoft sharepoint server/2019
canonical/microsoft sharepoint
canonical/microsoft sharepoint server 2019
canonical/microsoft sharepoint enterprise server 2016
canonical/microsoft sharepoint foundation 2013