Patch tracker / Products / Microsoft SharePoint Server Subscription Edition

Microsoft SharePoint Server Subscription Edition: vulnerabilities and security updates

Every CVE affecting Microsoft SharePoint Server Subscription Edition and the Microsoft update (KB) that fixes it, ranked by real-world risk. Actively exploited (CISA KEV) first, then EPSS exploit probability, on top of CVSS severity.

CVEs
68
Updates (KBs)
68
Actively exploited (KEV)
6
Critical Severity
4

CVEs affecting Microsoft SharePoint Server Subscription Edition

CVESeverityCVSSEPSSStatus
CVE-2025-53770Critical9.8100%KEVRansomware
CVE-2025-49704High8.8100%KEVRansomware
CVE-2025-49706High8.8100%KEVRansomware
CVE-2024-38094High7.553%KEVRansomware
CVE-2026-32201Medium6.525%KEV
CVE-2026-45659High8.83.2%KEV
CVE-2025-53771Critical9.8100%-
CVE-2025-49701High8.8100%-
CVE-2025-49703High8.8100%-
CVE-2024-38018High8.851%-
CVE-2024-43464High8.851%-
CVE-2024-38227High8.851%-
CVE-2024-38228High8.851%-
CVE-2024-43466High8.851%-
CVE-2024-38023High7.553%-
CVE-2024-38024High7.553%-
CVE-2024-32987High7.553%-
CVE-2026-20947Critical9.829%-
CVE-2026-20948Critical9.829%-
CVE-2025-21400High8.031%-
CVE-2025-29793High8.822%-
CVE-2025-29794High8.822%-
CVE-2025-53760High8.818%-
CVE-2025-53733High8.818%-
CVE-2025-53736High8.818%-
CVE-2025-49712High8.818%-
CVE-2025-54897High8.818%-
CVE-2025-54905High8.818%-
CVE-2025-54906High8.818%-
CVE-2026-20945Medium6.525%-
CVE-2025-47163High8.813%-
CVE-2025-47166High8.813%-
CVE-2025-47168High8.813%-
CVE-2025-47169High8.813%-
CVE-2025-47172High8.813%-
CVE-2026-40367High8.84.4%-
CVE-2026-35439High8.83.2%-
CVE-2026-40368High8.83.2%-
CVE-2026-33110High8.83.2%-
CVE-2026-33112High8.83.2%-
CVE-2026-40357High8.83.2%-
CVE-2026-40365High8.83.2%-
CVE-2026-47294High8.83.2%-
CVE-2026-26105High8.82.4%-
CVE-2026-26113High8.82.4%-
CVE-2026-26106High8.82.4%-
CVE-2026-26114High8.82.4%-
CVE-2025-59228High8.82.3%-
CVE-2025-59237High8.82.3%-
CVE-2025-59235High8.82.3%-
CVE-2025-59221High8.82.3%-
CVE-2025-59222High8.82.3%-
CVE-2025-59232High8.82.3%-
CVE-2024-49064High8.23.3%-
CVE-2024-49068High8.23.3%-
CVE-2024-49070High8.23.3%-
CVE-2024-49062High8.23.3%-
CVE-2024-49065High8.23.3%-
CVE-2025-64672High8.81.0%-
CVE-2025-62204High8.02.0%-
CVE-2025-29976High7.82.1%-
CVE-2025-30378High7.82.1%-
CVE-2025-30382High7.82.1%-
CVE-2025-30384High7.82.1%-
CVE-2025-21344High7.81.7%-
CVE-2025-21348High7.81.7%-
CVE-2025-21393High7.81.7%-
CVE-2024-43503High7.80.7%-

Updates (KBs) for Microsoft SharePoint Server Subscription Edition

UpdateReleasedSeverityCVSSEPSSCVEsStatus
KB50027532025-07-08Critical9.8100%2KEVRansomware
KB50027542025-07-08Critical9.8100%2KEVRansomware
KB50027592025-07-08Critical9.8100%2KEVRansomware
KB50027602025-07-08Critical9.8100%2KEVRansomware
KB50027682025-07-08Critical9.8100%2KEVRansomware
KB50027412025-07-08High8.8100%4KEVRansomware
KB50027442025-07-08High8.8100%4KEVRansomware
KB50027512025-07-08High8.8100%2KEVRansomware
KB50026062024-07-09High7.553%4KEVRansomware
KB50026152024-07-09High7.553%4KEVRansomware
KB50026182024-07-09High7.553%4KEVRansomware
KB50028532026-04-14Medium6.525%2KEV
KB50028542026-04-14Medium6.525%2KEV
KB50028612026-04-14Medium6.525%2KEV
KB50028632026-05-12High8.83.2%9KEV
KB50028682026-05-12High8.83.2%9KEV
KB50028702026-05-12High8.83.2%9KEV
KB50026242024-09-10High8.851%5-
KB50026392024-09-10High8.851%5-
KB50026402024-09-10High8.851%5-
KB50026782025-02-11High8.031%1-
KB50026812025-02-11High8.031%1-
KB50026852025-02-11High8.031%1-
KB50027052025-04-08High8.822%2-
KB50027692025-08-12High8.818%4-
KB50027712025-08-12High8.818%4-
KB50027752025-09-09High8.818%3-
KB50027782025-09-09High8.818%3-
KB50027842025-09-09High8.818%1-
KB50028232026-01-13High8.818%2-
KB50028272026-01-13High8.818%2-
KB50027292025-06-10High8.813%5-
KB50027322025-06-10High8.813%5-
KB50027362025-06-10High8.813%3-
KB50028562026-04-14Medium4.625%1-
KB50028622026-04-14Medium4.625%1-
KB50027732025-08-12High7.112%1-
KB50028452026-03-10High8.82.4%4-
KB50028502026-03-10High8.82.4%4-
KB50027862025-10-14High8.82.3%2-
KB50027882025-10-14High8.82.3%6-
KB50027962025-10-14High8.82.3%6-
KB50028432026-03-10High8.81.4%3-
KB50025442024-12-10High8.23.3%4-
KB50026572024-12-10High8.23.3%5-
KB50026582024-12-10High8.23.3%4-
KB50026592024-12-10High8.23.3%5-
KB50026642024-12-10High8.23.3%4-
KB50028152025-12-09High8.81.0%1-
KB50028472026-03-10High8.40.5%1-
KB50028482026-03-10High8.40.5%1-
KB50028512026-03-10High8.40.5%1-
KB50028002025-11-11High8.02.0%1-
KB50028032025-11-11High8.02.0%1-
KB50028052025-11-11High8.02.0%1-
KB50027082025-05-13High7.82.1%4-
KB50027092025-05-13High7.82.1%4-
KB50027222025-05-13High7.82.1%4-
KB50026662025-01-14High7.81.7%3-
KB50026672025-01-14High7.81.7%3-
KB50026712025-01-14High7.81.7%3-
KB50026722025-01-14High7.81.7%3-
KB50026762025-01-14High7.81.7%3-
KB50026452024-10-08High7.80.7%1-
KB50026472024-10-08High7.80.7%1-
KB50026492024-10-08High7.80.7%1-
KB50027062025-05-13High7.80.6%1-
KB50027122025-05-13High7.80.6%1-

Ranked across all products on the Microsoft patch tracker and the CVE and vulnerability management reference. Browse every product: product index.

Most searched on Senserva right now

Sponsored by Senserva

This page shows the fix. Siemserva by Senserva shows which of your devices are still missing it: which ones are exposed to Microsoft SharePoint Server Subscription Edition, for example, ranked by what attackers actually exploit.

  • Patch status in one scan: which devices are affected, which are not
  • Missing updates ranked by CISA KEV and EPSS, so you fix the right things first
  • Data from Intune, Microsoft Defender, Windows Autopatch, and Azure Update Manager, with more sources on the way
  • Third-party app patching too: updates published to Intune by PatchMyPC, Scappman, Robopack, or any vendor, read vendor-neutrally
  • Optional AI Enhanced Reporting: plain-language summaries and recommended next steps written into your reports
  • Then go further: 650+ security checks find configuration drift the moment it happens, with compliance evidence and Senserva Trustworthy AI remediation
Senserva patching for Microsoft 365
Two minutes, click to play

Patching in action in two minutes. Watch page · All videos.

3 actively exploited CVEs are unmitigated on devices in this tenant, per CISA KEV.View fix-first list ↓
312
Devices scanned
Intune + Autopatch + Defender
3
Exploited updates missing
CISA KEV, unmitigated
905
Microsoft updates tracked
Refreshed daily, MSRC + NVD
650+
Security checks in scan
Patch, config, identity, logs

Triage order for this list

Same order in the dashboard, the report, and every AI answer
1st · overrides everything
Actively exploited (KEV)
e.g. KB5040219, CVE-2026-31210
2nd · tiebreaker
Severity (Critical → Low)
MSRC + EPSS probability
3rd · tiebreaker
Days waiting
Oldest unresolved first

Ranked missing updates, fix-first order

27 findings · showing top 2
#UpdateCVESeveritySourceDevicesWaiting
1KB5040219
Windows 11 23H2 cumulative
CVE-2026-31210
KEV EPSS 0.94
CriticalDefender4119 daysAdd to fix-first
2KB5040088
.NET Framework security update
CVE-2026-29981
KEV
CriticalIntune1712 daysAdd to fix-first
Estimated dashboard, sample data for illustration

Ask Senserva

via Claude + MCP
Which devices are still missing the fix for CVE-2026-31210?
41 devices are missing KB5040219, which resolves CVE-2026-31210. This CVE is on CISA KEV, so CISA BOD 22-01 calls for remediation within 14 days. You are at 19 days and counting.
source: scan_db · defender_posture · kev_join, not model memory
Get Devices Found Get Devices Missing
Senserva is a Microsoft Intelligent Security Association member. Get Going with Senserva Senserva patching Built for IT admins and security teams, with audit-ready data for compliance.
Lexicon: the terms on this page
CVE
Common Vulnerabilities and Exposures. A unique ID for one publicly known vulnerability, such as CVE-2025-1234.
KB
Microsoft Knowledge Base article. The identifier for a specific Microsoft update.
KEV
CISA Known Exploited Vulnerabilities. CVEs confirmed exploited in the wild. Fix these first.
CVSS
Common Vulnerability Scoring System. A standardized Severity score from 0 to 10.
EPSS
Exploit Prediction Scoring System. The probability a CVE will be exploited in the next 30 days.
MSRC
Microsoft Security Response Center. Microsoft's Patch Tuesday advisories and KB-to-CVE mapping.
NVD
National Vulnerability Database (NIST). Authoritative CVE metadata and CVSS scores.
Ransomware
The vulnerability is linked to known ransomware activity.

Please link to this page to stay current.

Reference: Microsoft CVE and vulnerability management, the full CVE-to-patch lookup ranked by real-world risk, and the Microsoft patching guide, how Intune, Windows Autopatch, Defender, and Azure Update Manager fit together.
Data notice: this page, the feeds, and the API are provided as is, for informational purposes only, without warranty of any kind. Senserva, LLC does not guarantee the accuracy, completeness, or timeliness of third-party data (MSRC, NVD, CISA KEV, EPSS) and accepts no liability for actions taken based on it; verify against the authoritative vendor advisory before acting. Built daily with Senserva Trustworthy AI. All use of this data is subject to the Senserva EULA.