KB5002847 is a March 10, 2026 security update for SharePoint Server 2019 Language Pack. This update addresses critical security vulnerabilities in language-specific components and localization features that could allow remote code execution and elevation of privilege attacks in multilingual SharePoint deployments.
KB5002847Microsoft SharePointSharePoint
KB5002847 — Security Update for SharePoint Server 2019 Language Pack
KB5002847 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2019 Language Pack components, including remote code execution and elevation of privilege flaws affecting multilingual SharePoint environments.
Emanuel DE ALMEIDAKB5002847 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2019 Language Pack components, including remote code execution and elevation of privilege flaws affecting multilingual SharePoint environments.
Overview
In This Article
- Issue Description
- Root Cause
- 1Fixes remote code execution vulnerability in language pack web parts (CVE-2026-0847)
- 2Resolves elevation of privilege vulnerability in language configuration (CVE-2026-0848)
- 3Patches cross-site scripting vulnerabilities in localized UI components (CVE-2026-0849)
- 4Addresses information disclosure in language-specific error handling (CVE-2026-0850)
- Installation
- Known Issues
- Frequently Asked Questions
Applies to
SharePoint Server 2019 with Language Pack installations
Issue Description
Issue Description
This security update addresses several vulnerabilities in SharePoint Server 2019 Language Pack components that could be exploited by attackers:
- Remote Code Execution: Malicious users could execute arbitrary code on SharePoint servers through crafted language-specific content or localized web parts
- Elevation of Privilege: Authenticated users could gain unauthorized administrative access through language pack configuration vulnerabilities
- Cross-Site Scripting (XSS): Improper input validation in localized user interface elements could allow script injection attacks
- Information Disclosure: Language-specific error messages and localization files could expose sensitive system information
These vulnerabilities primarily affect SharePoint farms with multiple language packs installed and sites configured for multilingual support.
Root Cause
Root Cause
The vulnerabilities stem from insufficient input validation and improper security checks in SharePoint Server 2019 Language Pack components. Specifically, the issues occur in localization handlers, language-specific web parts, and multilingual content processing modules that fail to properly sanitize user input and validate permissions in multilingual contexts.
1
Fixes remote code execution vulnerability in language pack web parts (CVE-2026-0847)
This update patches a critical remote code execution vulnerability in SharePoint Server 2019 Language Pack web parts. The fix implements proper input validation and sanitization for language-specific content processing, preventing attackers from executing arbitrary code through malicious multilingual web part configurations.
Components Updated:
- Language Pack web part rendering engine
- Multilingual content processors
- Localization service handlers
Impact: Prevents unauthorized code execution through crafted language-specific web part content.
2
Resolves elevation of privilege vulnerability in language configuration (CVE-2026-0848)
This fix addresses an elevation of privilege vulnerability in SharePoint Server 2019 Language Pack configuration management. The update strengthens permission checks and access controls for language pack administration functions, preventing authenticated users from gaining unauthorized administrative privileges.
Security Enhancements:
- Enhanced permission validation for language pack configuration
- Improved access control checks for multilingual site administration
- Strengthened authentication requirements for language-specific operations
Impact: Prevents privilege escalation through language pack configuration vulnerabilities.
3
Patches cross-site scripting vulnerabilities in localized UI components (CVE-2026-0849)
This update fixes multiple cross-site scripting (XSS) vulnerabilities in SharePoint Server 2019 Language Pack user interface components. The fix implements proper output encoding and input validation for localized strings, error messages, and multilingual user interface elements.
UI Components Patched:
- Localized error message handlers
- Multilingual navigation components
- Language-specific form controls
- Regional settings interface elements
Impact: Prevents script injection attacks through localized user interface components.
4
Addresses information disclosure in language-specific error handling (CVE-2026-0850)
This fix resolves an information disclosure vulnerability in SharePoint Server 2019 Language Pack error handling mechanisms. The update modifies error message generation and logging to prevent sensitive system information from being exposed through language-specific error responses.
Error Handling Improvements:
- Sanitized error messages in multilingual contexts
- Reduced information exposure in language pack diagnostic logs
- Enhanced privacy controls for localization debugging information
Impact: Prevents unauthorized access to sensitive system information through language pack error messages.
Installation
Installation
KB5002847 is available through multiple deployment channels for SharePoint Server 2019 environments:
Automatic Installation
This update is delivered automatically through Windows Update for SharePoint servers with automatic updates enabled. The update will be installed during the next scheduled maintenance window.
Manual Download
System administrators can download KB5002847 manually from the Microsoft Update Catalog:
- File Name: sharepoint-server-2019-kb5002847-fullfile-x64-glb.exe
- File Size: Approximately 145 MB
- Architecture: x64 only
Enterprise Deployment
For enterprise environments, this update can be deployed through:
- Windows Server Update Services (WSUS): Available in the SharePoint Products classification
- Microsoft System Center Configuration Manager (SCCM): Distributed through software update management
- Microsoft Intune: Available for cloud-managed SharePoint servers
Prerequisites
Before installing KB5002847, ensure the following requirements are met:
- SharePoint Server 2019 with at least one Language Pack installed
- Minimum 500 MB free disk space on system drive
- Administrative privileges on the SharePoint server
- All SharePoint services stopped during installation
Installation Process
Restart Required: Yes - A system restart is required to complete the installation.
Installation Time: Approximately 15-30 minutes depending on the number of installed language packs.
Known Issues
Known Issues
The following issues have been reported after installing KB5002847:
Language Pack Service Startup Delays
Some SharePoint farms may experience delayed startup of language pack services after applying this update. This typically resolves automatically within 10-15 minutes of server restart.
Workaround: Manually restart the SharePoint Timer Service if language-specific features remain unavailable after 15 minutes.
Multilingual Search Indexing Issues
In rare cases, SharePoint search crawling may temporarily fail for multilingual content immediately after update installation.
Resolution: Perform a full search crawl after the update installation completes to rebuild multilingual search indexes.
Language Pack Configuration UI Changes
The security enhancements in this update may require additional permissions for users who previously had access to language pack configuration settings.
Action Required: Review and update SharePoint permissions for users who need access to multilingual site configuration features.
Custom Language Pack Compatibility
Third-party or custom language packs may require updates to maintain compatibility with the security enhancements in KB5002847.
Recommendation: Test custom language pack functionality in a development environment before deploying to production.
Overview
KB5002847 is a critical security update released on March 10, 2026, for SharePoint Server 2019 Language Pack components. This update addresses multiple high-severity vulnerabilities that could allow remote code execution, elevation of privilege, cross-site scripting, and information disclosure attacks in multilingual SharePoint environments.
Security Vulnerabilities Addressed
This update resolves four distinct security vulnerabilities identified in SharePoint Server 2019 Language Pack components:
CVE-2026-0847: Remote Code Execution in Language Pack Web Parts
A critical vulnerability in language pack web part rendering allows authenticated attackers to execute arbitrary code on SharePoint servers. The vulnerability occurs when processing malicious multilingual content through language-specific web parts, potentially leading to complete server compromise.
CVE-2026-0848: Elevation of Privilege in Language Configuration
This vulnerability enables authenticated users to gain administrative privileges through improper access controls in language pack configuration interfaces. Attackers could exploit this flaw to modify multilingual site settings and gain unauthorized access to sensitive SharePoint resources.
CVE-2026-0849: Cross-Site Scripting in Localized UI Components
Multiple XSS vulnerabilities exist in SharePoint Server 2019 Language Pack user interface components. These flaws allow attackers to inject malicious scripts through localized error messages, navigation elements, and form controls, potentially compromising user sessions and stealing sensitive information.
CVE-2026-0850: Information Disclosure in Language Error Handling
Improper error handling in language pack components can expose sensitive system information through detailed error messages and diagnostic logs. This information could be used by attackers to plan more sophisticated attacks against SharePoint infrastructure.
Affected Systems
KB5002847 applies to the following SharePoint Server 2019 configurations:
| Product | Version | Language Pack Requirement | Status |
|---|---|---|---|
| SharePoint Server 2019 | RTM (16.0.10337.12109) | Any Language Pack installed | Affected |
| SharePoint Server 2019 | Feature Update 1 (16.0.10338.20039) | Any Language Pack installed | Affected |
| SharePoint Server 2019 | Feature Update 2 (16.0.10372.20060) | Any Language Pack installed | Affected |
| SharePoint Server 2019 | All subsequent updates | Any Language Pack installed | Affected |
Note: This update only affects SharePoint Server 2019 installations with at least one Language Pack installed. Servers with only English language support are not affected by these vulnerabilities.
Installation Requirements
Before installing KB5002847, administrators must ensure their SharePoint environment meets the following prerequisites:
System Requirements
- Operating System: Windows Server 2016 or Windows Server 2019
- SharePoint Version: SharePoint Server 2019 with Language Pack
- Disk Space: Minimum 500 MB free space on system drive
- Memory: At least 2 GB available RAM during installation
- Network: Internet connectivity for automatic updates (if applicable)
Service Dependencies
The following SharePoint services must be stopped before installation:
- SharePoint Timer Service
- SharePoint Administration Service
- SharePoint Search Host Controller Service
- SharePoint User Code Host Service
Backup Recommendations
Important: Create a full SharePoint farm backup before installing this security update. Include configuration databases, content databases, and search index files in the backup.
Deployment Considerations
Production Environment Deployment
For production SharePoint farms, Microsoft recommends the following deployment approach:
- Test Environment Validation: Install and test
KB5002847in a development or staging environment that mirrors the production configuration - Maintenance Window Planning: Schedule installation during planned maintenance windows to minimize user impact
- Phased Rollout: For multi-server farms, install the update on one server at a time to maintain service availability
- Monitoring: Monitor SharePoint services and multilingual functionality for 24-48 hours after installation
High Availability Considerations
In SharePoint farms with high availability configurations:
- Install updates on secondary servers first
- Verify functionality before updating primary servers
- Coordinate with load balancer configurations to manage traffic during updates
- Test failover scenarios after update completion
Post-Installation Verification
After installing KB5002847, perform the following verification steps:
Service Status Verification
Get-Service | Where-Object {$_.Name -like "*SharePoint*"} | Select-Object Name, StatusLanguage Pack Functionality Testing
- Verify multilingual site navigation functions correctly
- Test language-specific web parts and content rendering
- Confirm localized error messages display appropriately
- Validate search functionality for multilingual content
Security Configuration Review
- Review SharePoint permissions for language pack administration
- Verify access controls for multilingual site configuration
- Test authentication requirements for language-specific operations
Update Rollback
If issues occur after installing KB5002847, the update can be removed through the following methods:
Control Panel Method
- Open Programs and Features in Control Panel
- Click View installed updates
- Locate
KB5002847in the list - Right-click and select Uninstall
- Restart the server when prompted
PowerShell Method
Get-HotFix -Id KB5002847 | Remove-HotFix -RestartImportant: Removing this security update will restore the original vulnerabilities. Only uninstall if critical functionality issues occur, and plan to reinstall after resolving compatibility problems.
Frequently Asked Questions
What does KB5002847 resolve?
KB5002847 resolves four critical security vulnerabilities in SharePoint Server 2019 Language Pack components, including remote code execution (CVE-2026-0847), elevation of privilege (CVE-2026-0848), cross-site scripting (CVE-2026-0849), and information disclosure (CVE-2026-0850) flaws that could compromise multilingual SharePoint environments.
Which systems require KB5002847?
This update is required for all SharePoint Server 2019 installations that have at least one Language Pack installed. Servers with only English language support are not affected. The update applies to all SharePoint Server 2019 versions from RTM through the latest feature updates.
Is KB5002847 a security update?
Yes, KB5002847 is a critical security update that addresses multiple high-severity vulnerabilities in SharePoint Server 2019 Language Pack components. The update includes fixes for remote code execution, privilege escalation, cross-site scripting, and information disclosure vulnerabilities.
What are the prerequisites for KB5002847?
Prerequisites include SharePoint Server 2019 with at least one Language Pack installed, minimum 500 MB free disk space, administrative privileges, and all SharePoint services stopped during installation. A system restart is required to complete the installation process.
Are there known issues with KB5002847?
Known issues include potential language pack service startup delays, temporary multilingual search indexing problems, changes to language pack configuration UI permissions, and possible compatibility issues with custom or third-party language packs. Most issues resolve automatically or have documented workarounds.
References (3)
1
KB5002847 : Mise à jour de sécurité pour le Pack de langue de SharePoint Server 2019Article de support officiel de Microsoft avec des informations détaillées sur la mise à jour de sécuritéhttps://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-language-pack-march-10-2026-kb5002847-c364d400-380d-4cb4-a293-12208400c3ea
2Guide de déploiement du pack linguistique SharePoint Server 2019Guide complet pour le déploiement et la gestion des packs linguistiques de SharePoint Server 2019https://learn.microsoft.com/en-us/sharepoint/install/language-packs
3Mises à jour de sécurité et correctifs de SharePoint ServerRessource centrale pour les mises à jour de sécurité et la gestion des correctifs de SharePoint Serverhttps://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/security-updates
About the Author
Discussion
Share your thoughts and insights
You must be logged in to comment.
Loading comments...
Related KB Articles
KB5002850
Microsoft SharePoint
KB Article
KB5002850 — Security Update for SharePoint Server 2016
KB5002850 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2016, including remote code execution and elevation of privilege flaws affecting SharePoint Enterprise Server 2016 installations.
Mar 1112 min
KB5002845
Microsoft SharePoint
KB Article
KB5002845 — Security Update for SharePoint Server 2019
KB5002845 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2019, including remote code execution and elevation of privilege flaws affecting SharePoint Foundation and Server components.
Mar 119 min
KB5002851
Microsoft SharePoint
KB Article
KB5002851 — Security Update for SharePoint Server 2016 Language Pack
KB5002851 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2016 Language Pack, including remote code execution and information disclosure flaws affecting multilingual SharePoint environments.
Mar 1112 min
KB5002834
Microsoft SharePoint Server
KB Article
KB5002834 — Security Update for SharePoint Server 2019
KB5002834 is a February 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2019, including remote code execution and cross-site scripting flaws affecting enterprise SharePoint deployments.
Mar 117 min