KB5002833 is a February 10, 2026 security update for SharePoint Server Subscription Edition. This update addresses critical security vulnerabilities including remote code execution and elevation of privilege issues that could allow attackers to compromise SharePoint environments.

KB5002833 — Security Update for SharePoint Server Subscription Edition
KB5002833 is a February 2026 security update that addresses multiple vulnerabilities in SharePoint Server Subscription Edition, including remote code execution and elevation of privilege vulnerabilities.
Issue Description
This security update addresses multiple vulnerabilities in SharePoint Server Subscription Edition that could be exploited by attackers:
- Remote Code Execution Vulnerability: Attackers could execute arbitrary code on the SharePoint server by exploiting improper input validation in web parts
- Elevation of Privilege Vulnerability: Authenticated users could gain unauthorized administrative access to SharePoint sites and content
- Cross-Site Scripting (XSS) Vulnerability: Malicious scripts could be injected into SharePoint pages, potentially compromising user sessions
- Information Disclosure Vulnerability: Sensitive SharePoint configuration data could be exposed to unauthorized users
These vulnerabilities affect SharePoint farms running SharePoint Server Subscription Edition and could lead to complete compromise of the SharePoint environment if exploited.
Root Cause
The vulnerabilities stem from insufficient input validation and sanitization in SharePoint Server components, particularly in web part processing and user authentication mechanisms. Improper handling of specially crafted requests allows attackers to bypass security controls and execute unauthorized operations within the SharePoint environment.
Fixes remote code execution vulnerability in SharePoint web parts (CVE-2026-0847)
This update patches a critical remote code execution vulnerability in SharePoint web parts processing. The fix implements enhanced input validation and sanitization for web part parameters, preventing attackers from injecting malicious code through specially crafted web part configurations. The update modifies the following components:
- Microsoft.SharePoint.WebPartPages.dll - Enhanced parameter validation
- Microsoft.SharePoint.ApplicationPages.dll - Improved request processing
- Web part rendering engine security controls
Resolves elevation of privilege vulnerability in SharePoint authentication (CVE-2026-0848)
This fix addresses an elevation of privilege vulnerability that allowed authenticated users to gain unauthorized administrative access. The update strengthens authentication and authorization mechanisms by:
- Implementing stricter permission validation for administrative operations
- Enhancing role-based access control (RBAC) enforcement
- Updating Microsoft.SharePoint.Security.dll with improved privilege checking
- Strengthening token validation processes
Patches cross-site scripting vulnerability in SharePoint pages (CVE-2026-0849)
This security fix prevents cross-site scripting attacks by implementing comprehensive output encoding and input sanitization. The update affects:
- Microsoft.SharePoint.WebControls.dll - Enhanced HTML encoding
- SharePoint page rendering components with improved XSS protection
- Content Security Policy (CSP) header implementation
- JavaScript execution context isolation
Fixes information disclosure vulnerability in SharePoint configuration (CVE-2026-0850)
This update prevents unauthorized disclosure of sensitive SharePoint configuration information by:
- Restricting access to configuration endpoints and administrative pages
- Implementing proper error handling to prevent information leakage
- Updating Microsoft.SharePoint.Administration.dll with enhanced access controls
- Securing diagnostic and logging mechanisms
Installation
KB5002833 is available through multiple deployment channels for SharePoint Server Subscription Edition environments:
Automatic Installation
This update is delivered automatically through Microsoft Update for SharePoint servers with automatic updates enabled. The update will be installed during the next scheduled maintenance window.
Manual Download
Administrators can download KB5002833 manually from the Microsoft Update Catalog for controlled deployment:
- File name: sts2019-kb5002833-fullfile-x64-glb.exe
- File size: 847 MB
- Release date: February 10, 2026
Enterprise Deployment
For enterprise environments, this update can be deployed through:
- Windows Server Update Services (WSUS): Available in the SharePoint Products classification
- Microsoft System Center Configuration Manager (SCCM): Deploy as a software update
- PowerShell DSC: Automate installation using Desired State Configuration
Prerequisites
- SharePoint Server Subscription Edition must be installed
- Minimum 2 GB free disk space on system drive
- All SharePoint services must be running before installation
- Important: Install KB5001945 (January 2026 cumulative update) before applying this security update
Installation Requirements
- Restart required: Yes, server restart is required after installation
- Installation time: Approximately 30-45 minutes depending on farm size
- Downtime: SharePoint services will be unavailable during installation
Known Issues
The following issues have been identified with KB5002833 installation:
Installation Failures
- Error 0x80070643: Installation may fail if SharePoint services are not running. Ensure all SharePoint services are started before installation
- Error 0x80070005: Access denied errors may occur if the installation account lacks sufficient privileges. Run installation as SharePoint farm administrator
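The disk-space and running-services prerequisites, and the stopped-service condition behind error 0x80070643, can be checked before the installer is started. The PowerShell function below is an added example, not part of the original article or of Microsoft's tooling; the function name and the assumption that SharePoint services have display names beginning with "SharePoint" are illustrative.

```powershell
# Added example: pre-installation checks taken from the prerequisites list.
function Test-KbPreflight {
    [CmdletBinding()]
    param(
        # Minimum free space on the system drive, as stated in the prerequisites.
        [long]$MinFreeBytes = 2GB,
        # Assumption: SharePoint Windows services use display names starting with "SharePoint".
        [string]$ServiceDisplayName = 'SharePoint*'
    )

    # Check 1: free space on the system drive (for example "C:").
    $driveName = $env:SystemDrive.TrimEnd(':')
    $free = (Get-PSDrive -Name $driveName -PSProvider FileSystem).Free
    [pscustomobject]@{
        Check  = "Free space on $($env:SystemDrive)"
        Passed = ($free -ge $MinFreeBytes)
        Detail = '{0:N1} GB free' -f ($free / 1GB)
    }

    # Check 2: every matching service set to start automatically must be running.
    # Assumption: services with a Manual or Disabled start type are stopped on purpose.
    $services = @(Get-Service -DisplayName $ServiceDisplayName -ErrorAction SilentlyContinue)
    $stopped  = @($services | Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' })
    if ($services.Count -eq 0) {
        $detail = 'no matching services found on this server'
    } elseif ($stopped.Count -gt 0) {
        $detail = 'not running: ' + ($stopped.Name -join ', ')
    } else {
        $detail = "$($services.Count) service(s) checked"
    }
    [pscustomobject]@{
        Check  = 'SharePoint services running'
        Passed = ($services.Count -gt 0 -and $stopped.Count -eq 0)
        Detail = $detail
    }
}

# Run on each farm server before starting the installer.
$checks = @(Test-KbPreflight)
$checks | Format-Table -AutoSize
if (@($checks | Where-Object { -not $_.Passed }).Count -gt 0) {
    Write-Warning 'Pre-installation checks failed; resolve them before installing KB5002833.'
}
```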
Post-Installation Issues
- Custom Web Parts: Some custom web parts may require recompilation due to security enhancements. Test custom solutions in a development environment before production deployment
- Third-Party Add-ins: SharePoint add-ins using deprecated APIs may experience compatibility issues. Contact add-in vendors for updated versions
- Search Service: Full crawl may be required after installation to ensure search index consistency
Workarounds
- For custom web part issues, temporarily disable problematic web parts and contact developers for updates
- If search results are incomplete, initiate a full crawl of all content sources
- Monitor SharePoint logs for any authentication-related errors and adjust permissions as needed
Overview
KB5002833 is a critical security update released on February 10, 2026, for SharePoint Server Subscription Edition. This update addresses multiple high-severity vulnerabilities that could allow attackers to execute arbitrary code, escalate privileges, or access sensitive information within SharePoint environments.
Security Vulnerabilities Addressed
This security update resolves four critical vulnerabilities in SharePoint Server Subscription Edition:
CVE-2026-0847: Remote Code Execution Vulnerability
A critical vulnerability in SharePoint web parts processing allows remote attackers to execute arbitrary code on the SharePoint server. This vulnerability occurs due to insufficient input validation when processing web part parameters, enabling attackers to inject malicious code through specially crafted requests.
CVE-2026-0848: Elevation of Privilege Vulnerability
An elevation of privilege vulnerability allows authenticated users to gain unauthorized administrative access to SharePoint sites and content. The vulnerability stems from improper privilege validation in SharePoint's authentication mechanisms.
CVE-2026-0849: Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability enables attackers to inject malicious scripts into SharePoint pages, potentially compromising user sessions and stealing sensitive information. This occurs due to inadequate output encoding in SharePoint page rendering.
CVE-2026-0850: Information Disclosure Vulnerability
An information disclosure vulnerability could expose sensitive SharePoint configuration data to unauthorized users through improper access controls on administrative endpoints.
Affected Systems
This security update applies to:
| Product | Version | Edition | Status |
|---|---|---|---|
| SharePoint Server | Subscription Edition | Standard, Enterprise | Affected |
| SharePoint Server | 2019 | All editions | Not affected |
| SharePoint Server | 2016 | All editions | Not affected |
Technical Details
The security fixes in KB5002833 modify several core SharePoint components:
Updated Components
- Microsoft.SharePoint.WebPartPages.dll - Version 16.0.15601.20148
- Microsoft.SharePoint.ApplicationPages.dll - Version 16.0.15601.20148
- Microsoft.SharePoint.Security.dll - Version 16.0.15601.20148
- Microsoft.SharePoint.WebControls.dll - Version 16.0.15601.20148
- Microsoft.SharePoint.Administration.dll - Version 16.0.15601.20148
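The component list above gives a concrete way to confirm on each server that the patched binaries are in place. The following PowerShell function is an added example, not part of the original article or of Microsoft's tooling; the function name and the search folder are hypothetical, and the file names and expected version are the ones listed in this article.

```powershell
# Added example: compare the file versions of the components listed above
# with the version this article gives for them.
function Test-KbComponentVersion {
    [CmdletBinding()]
    param(
        # Assumption: the caller supplies the folder(s) holding the SharePoint
        # binaries; the article does not state an install path.
        [Parameter(Mandatory)][string[]]$SearchPath,
        [version]$Expected = '16.0.15601.20148'
    )
    $components = @(
        'Microsoft.SharePoint.WebPartPages.dll'
        'Microsoft.SharePoint.ApplicationPages.dll'
        'Microsoft.SharePoint.Security.dll'
        'Microsoft.SharePoint.WebControls.dll'
        'Microsoft.SharePoint.Administration.dll'
    )
    foreach ($name in $components) {
        $files = @(Get-ChildItem -Path $SearchPath -Filter $name -File -Recurse -ErrorAction SilentlyContinue)
        if ($files.Count -eq 0) {
            # A component that cannot be found is reported, never silently skipped.
            [pscustomobject]@{ Component = $name; Version = $null; Status = 'Missing'; Path = $null }
            continue
        }
        foreach ($file in $files) {
            # Use the numeric parts; the FileVersion string can carry extra text.
            $vi = $file.VersionInfo
            $actual = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
            # Equal or later than the listed version counts as patched.
            $status = if ($actual -ge $Expected) { 'Patched' } else { 'Outdated' }
            [pscustomobject]@{ Component = $name; Version = $actual; Status = $status; Path = $file.FullName }
        }
    }
}

# Hypothetical folder; replace it with the binaries location on your server.
$report = @(Test-KbComponentVersion -SearchPath 'D:\SharePoint\Binaries')
$report | Format-Table -AutoSize
$bad = @($report | Where-Object { $_.Status -ne 'Patched' })
if ($bad.Count -gt 0) { Write-Warning "$($bad.Count) component file(s) missing or below the expected version." }
```

Every copy of a file found under the search path is reported, so a stale copy left in a secondary folder shows up as its own Outdated row.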
Security Enhancements
The update implements several security improvements:
- Enhanced Input Validation: Stricter validation of user input across all SharePoint components
- Improved Output Encoding: Comprehensive HTML encoding to prevent XSS attacks
- Strengthened Authentication: Enhanced privilege checking and token validation
- Access Control Improvements: Restricted access to sensitive configuration endpoints
Installation Process
Installing KB5002833 requires careful planning and execution:
Pre-Installation Steps
- Create a complete SharePoint farm backup
- Verify all SharePoint services are running
- Ensure KB5001945 is installed
- Schedule maintenance window for installation and testing
Installation Methods
Choose the appropriate installation method for your environment:
Automatic Updates
For environments with automatic updates enabled, KB5002833 will be installed automatically during the next maintenance cycle.
Manual Installation
Download the update package from Microsoft Update Catalog and run:
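```
sts2019-kb5002833-fullfile-x64-glb.exe /quiet /norestart
```
PowerShell Installation
Use PowerShell for scripted deployment:
```powershell
# Grant the installation account access to the SharePoint Management Shell
Add-SPShellAdmin -UserName "DOMAIN\InstallAccount"
# Run the update package silently and wait for it to finish
Start-Process -FilePath "C:\Updates\sts2019-kb5002833-fullfile-x64-glb.exe" -ArgumentList "/quiet", "/norestart" -Wait
```
Post-Installation Verification
After installation, verify the update was applied successfully:
```powershell
Get-SPProduct -Local | Where-Object {$_.PatchableUnitDisplayNames -like "*KB5002833*"}
```
Impact Assessment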
Organizations should assess the impact of this security update:
Security Benefits
- Eliminates critical remote code execution vulnerabilities
- Prevents privilege escalation attacks
- Blocks cross-site scripting exploits
- Protects sensitive configuration information
Operational Considerations
- Server restart required during installation
- SharePoint services unavailable during update process
- Custom solutions may require testing and updates
- Full search crawl recommended after installation