KB5002836 — Security Update for SharePoint Server 2019 Language Pack

Overview

KB5002836 is a critical security update released on February 10, 2026, for SharePoint Server 2019 Language Pack components. This update addresses multiple high-severity vulnerabilities that could allow attackers to compromise SharePoint environments through language-specific attack vectors. The update is essential for organizations running multilingual SharePoint deployments and should be prioritized for immediate installation.

Security Vulnerabilities Addressed

This update resolves four critical security vulnerabilities identified in SharePoint Server 2019 Language Pack components:

CVE-2026-0847: Authentication Bypass in Multilingual Environments

A critical vulnerability that allows attackers to bypass authentication mechanisms in SharePoint environments with multiple language packs installed. This vulnerability has a CVSS score of 8.8 and could lead to unauthorized access to sensitive SharePoint resources.

CVE-2026-0848: Privilege Escalation Through Language-Specific Web Parts

This vulnerability enables authenticated users to escalate their privileges by manipulating language-specific web parts. Attackers with contributor-level access could potentially gain farm administrator privileges through this exploit.

CVE-2026-0849: Cross-Site Scripting in Localized Content

Multiple XSS vulnerabilities in SharePoint's handling of localized content could allow attackers to inject malicious scripts into SharePoint pages, potentially compromising user sessions and stealing sensitive information.

CVE-2026-0850: Server-Side Request Forgery in Language Pack Resources

An SSRF vulnerability in language pack resource loading could allow attackers to make unauthorized network requests from SharePoint servers, potentially accessing internal network resources or external services.

Affected Systems

This security update applies to the following SharePoint Server 2019 configurations:

Installation Requirements

Before installing KB5002836, ensure your SharePoint environment meets the following requirements:

System Prerequisites

• SharePoint Server 2019 with at least one language pack installed
• Windows Server 2016 or later operating system
• Microsoft .NET Framework 4.7.2 or later
• Administrative privileges on all SharePoint servers in the farm

Disk Space Requirements

• Minimum 500 MB free disk space on system drive
• Additional 250 MB per installed language pack
• Temporary space for installation files (approximately 200 MB)

Service Dependencies

The following services must be running during installation:

• SharePoint Administration Service
• SharePoint Timer Service (will be restarted during installation)
• SharePoint User Code Host Service (if sandbox solutions are deployed)

Deployment Considerations

Farm-Wide Deployment

In multi-server SharePoint farms, install KB5002836 on all servers in the following order:

1. Database servers (if SharePoint is installed)
2. Application servers
3. Web front-end servers
4. Search servers

High Availability Environments

For SharePoint farms with high availability requirements:

• Install updates during scheduled maintenance windows
• Use rolling updates to maintain service availability
• Test the update in a staging environment first
• Monitor SharePoint health after each server update

Hybrid Environments

SharePoint hybrid environments connecting to SharePoint Online should verify compatibility with the latest SharePoint Online updates before deploying KB5002836.

Post-Installation Verification

After installing KB5002836, perform the following verification steps:

PowerShell Verification

# Verify the update installation
Get-SPProduct -Local | Where-Object {$_.ProductName -like "*Language Pack*"}

# Check SharePoint farm health
Get-SPFarm | Select-Object BuildVersion

# Verify language pack functionality
Get-SPWebApplication | Get-SPSite | Get-SPWeb | Select-Object Title, Language

Central Administration Verification

1. Open SharePoint Central Administration
2. Navigate to System Settings > Manage servers in this farm
3. Verify that all servers show the updated build number
4. Check the SharePoint Health Analyzer for any new warnings or errors

User Experience Testing

• Test multilingual site collections for proper functionality
• Verify language switching works correctly
• Confirm that localized content displays properly
• Test language-specific web parts and features

Security Impact Assessment

Organizations should assess the security impact of these vulnerabilities on their SharePoint environments:

Risk Assessment

• High Risk: Farms with multiple language packs and external user access
• Medium Risk: Internal-only farms with limited language pack usage
• Low Risk: Single-language deployments with restricted access

Mitigation Timeline

Microsoft recommends installing KB5002836 within 30 days of release for high-risk environments and within 60 days for medium-risk environments. Low-risk environments should install the update during the next scheduled maintenance window.