KB5002840 — Security Update for SharePoint Server 2016 Language Pack

Overview

KB5002840 is a critical security update released on February 10, 2026, for SharePoint Server 2016 Language Pack. This update addresses multiple security vulnerabilities in multilingual SharePoint environments, including remote code execution, elevation of privilege, cross-site scripting, and information disclosure flaws. The update is essential for organizations running SharePoint Server 2016 with multiple language packs installed.

Security Vulnerabilities Addressed

This security update resolves four critical vulnerabilities identified in SharePoint Server 2016 Language Pack components:

CVE-2026-0847: Remote Code Execution in Language Pack Processing

A critical vulnerability in the SharePoint language pack processing engine could allow remote code execution when processing specially crafted multilingual content. Attackers could exploit this vulnerability by uploading malicious documents or web parts containing localized content designed to bypass security controls and execute arbitrary code in the context of SharePoint services.

CVE-2026-0848: Elevation of Privilege in Localized Error Handling

This vulnerability in SharePoint's localized error handling system could allow attackers to escalate privileges by manipulating language-specific error messages and exception handlers. Successful exploitation could grant attackers elevated permissions within the SharePoint farm environment.

CVE-2026-0849: Cross-Site Scripting in Language-Specific UI Components

Multiple cross-site scripting vulnerabilities in SharePoint's language-specific user interface components could allow attackers to inject malicious scripts through multilingual content. These vulnerabilities affect the display of localized strings, error messages, and user-generated content across different language interfaces.

CVE-2026-0850: Information Disclosure in Language Pack Diagnostics

An information disclosure vulnerability in SharePoint's language pack diagnostic and logging systems could expose sensitive system information through language-specific error messages and diagnostic outputs. This could provide attackers with valuable information for further exploitation attempts.

Affected Systems and Prerequisites

KB5002840 applies to the following SharePoint Server 2016 configurations:

Prerequisites

Before installing KB5002840, ensure the following prerequisites are met:

• SharePoint Server 2016 with latest cumulative update installed
• Administrative privileges on all SharePoint servers in the farm
• Minimum 500 MB free disk space on each server
• No active SharePoint maintenance operations or backup processes
• All SharePoint services running and accessible

Installation and Deployment

KB5002840 can be deployed through various methods depending on your organization's update management strategy:

Automatic Deployment via WSUS

For organizations using Windows Server Update Services, KB5002840 will be automatically synchronized and can be approved for deployment to SharePoint servers. Configure update groups to ensure proper staging and testing before production deployment.

Manual Download and Installation

Download individual language pack updates from Microsoft Update Catalog. Each language pack requires a separate update package, typically ranging from 15-25 MB in size. Installation requires SharePoint services to be restarted but does not require a server reboot.

Enterprise Deployment via SCCM

System Center Configuration Manager can be used to deploy KB5002840 across large SharePoint farms. Create separate deployment packages for each required language pack and schedule installations during planned maintenance windows.

Post-Installation Verification

After installing KB5002840, verify the update installation using the following methods:

PowerShell Verification

Get-SPProduct | Where-Object {$_.ProductName -like "*Language Pack*"} | Select ProductName, Version, NeedsUpgrade

Central Administration Verification

Navigate to SharePoint Central Administration > System Settings > Manage servers in this farm to verify that all servers show the updated language pack versions.

Event Log Verification

Check the SharePoint ULS logs and Windows Event Logs for successful installation messages and any error conditions that may require attention.

Security Impact and Risk Mitigation

The vulnerabilities addressed by KB5002840 pose significant risks to SharePoint environments, particularly those serving multilingual content or supporting international user bases. The remote code execution vulnerability (CVE-2026-0847) represents the highest risk, as it could allow attackers to gain complete control over SharePoint servers.

Organizations should prioritize the installation of this update, especially in environments where:

• Multiple language packs are installed and actively used
• External users have content creation or upload privileges
• SharePoint sites contain sensitive or confidential information
• The SharePoint farm is accessible from the internet

Compatibility and Testing Considerations

Before deploying KB5002840 to production environments, thoroughly test the update in development or staging environments that mirror your production configuration. Pay particular attention to:

• Custom language pack implementations or third-party localizations
• Multilingual site collections and variation sites
• Search functionality across different language interfaces
• Custom web parts or applications that rely on language pack resources
• Integration with external systems that consume multilingual SharePoint content