cve-2026-40365

CVE-2026-40365 is a Microsoft SharePoint Server remote code execution vulnerability disclosed on May 12, 2026. Patches are delivered through SharePoint Server security updates, including KB5002870 for SharePoint Server 2019. The vulnerability is considered critical because SharePoint on-premises bridges identity, documents, workflows, intranet applications, and legacy business logic, giving an RCE bug a wide blast radius. Administrators are urged to patch immediately. Discussions on WindowsForum.com focus on the severity of this CVE and the importance of applying the update promptly to mitigate risk in enterprise environments.