KB5002845 — Security Update for SharePoint Server 2019

Overview

KB5002845 is a critical security update released on March 10, 2026, for SharePoint Server 2019. This update addresses multiple high-severity vulnerabilities that could allow remote code execution, elevation of privilege, cross-site scripting, and information disclosure attacks on SharePoint environments.

Security Vulnerabilities Addressed

This update resolves four critical security vulnerabilities identified in SharePoint Server 2019:

CVE-2026-0847: Remote Code Execution in SharePoint Foundation

A critical vulnerability in SharePoint Foundation's web part processing engine that could allow attackers to execute arbitrary code on the server through specially crafted SharePoint solutions or web part configurations. This vulnerability has a CVSS score of 9.8 and affects all SharePoint Server 2019 installations.

CVE-2026-0848: Elevation of Privilege in SharePoint Server API

An elevation of privilege vulnerability in SharePoint Server API endpoints that could allow authenticated users to gain administrative privileges through exploiting insufficient access control validation. This affects SharePoint REST API, Central Administration, and site collection administration functions.

CVE-2026-0849: Cross-Site Scripting in SharePoint Web Interface

Multiple XSS vulnerabilities in SharePoint's web interface that could allow attackers to inject malicious scripts into SharePoint pages, potentially compromising user sessions or stealing authentication tokens. This affects list views, search results, user profiles, and wiki pages.

CVE-2026-0850: Information Disclosure in Error Handling

An information disclosure vulnerability where detailed error messages could expose sensitive server information to unauthorized users, including database connection strings, file system paths, and internal server configurations.

Affected Systems

Technical Details

The security fixes in KB5002845 implement several security enhancements:

Input Validation Improvements

Enhanced input validation mechanisms have been implemented across SharePoint Foundation components to prevent malicious code injection through user-supplied data. This includes validation of web part properties, custom solution parameters, and API request data.

Access Control Strengthening

Improved access control validation ensures that proper permission checks are performed before granting elevated privileges to users. The update implements additional authorization layers for sensitive SharePoint operations.

Output Encoding Enhancements

Comprehensive output encoding has been implemented to prevent XSS attacks across SharePoint web interfaces. This includes proper encoding of user-generated content in lists, search results, and user profile pages.

Error Handling Improvements

Secure error handling mechanisms now provide generic error messages to users while maintaining detailed logging for administrators. This prevents information disclosure while preserving troubleshooting capabilities.

Installation Requirements

Before installing KB5002845, ensure the following prerequisites are met:

• SharePoint Server 2019 with Service Pack 1 or later installed
• Administrative privileges on all SharePoint servers in the farm
• Minimum 500 MB free disk space on the system drive
• All SharePoint services stopped during installation
• Database backup completed before applying the update

Deployment Considerations

For SharePoint farm environments, deploy this update in the following order:

1. Apply the update to the SharePoint server hosting Central Administration
2. Apply to additional application servers
3. Apply to web front-end servers
4. Run SharePoint Products Configuration Wizard on each server
5. Restart SharePoint services and verify functionality

Post-Installation Verification

After installing KB5002845, verify the update was applied successfully:

Get-SPProduct -Local | Where-Object {$_.ProductName -like "*SharePoint*"}

Check the SharePoint Central Administration > System Settings > Manage servers in this farm to confirm all servers show the updated build number.

Security Impact

Organizations should prioritize the deployment of KB5002845 due to the critical nature of the vulnerabilities addressed. The remote code execution vulnerability (CVE-2026-0847) poses the highest risk and could allow complete compromise of SharePoint servers if exploited.