ANAVEM
FR
Reference
Corporate server room displaying SharePoint multilingual interface monitoring screens
KB5002851Microsoft SharePointSharePoint

KB5002851 — Security Update for SharePoint Server 2016 Language Pack

KB5002851 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2016 Language Pack, including remote code execution and information disclosure flaws affecting multilingual SharePoint environments.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
11 Mar 202612 min read0 views

KB5002851 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2016 Language Pack, including remote code execution and information disclosure flaws affecting multilingual SharePoint environments.

Overview

KB5002851 is a March 10, 2026 security update for SharePoint Server 2016 Language Pack that resolves critical vulnerabilities in multilingual content processing and localization components. This update addresses remote code execution and information disclosure vulnerabilities that could allow attackers to compromise SharePoint environments through malicious language-specific content.

In This Article

  1. Issue Description
  2. Root Cause
  3. 1Fixes remote code execution vulnerability in multilingual content processing (CVE-2026-0847)
  4. 2Resolves information disclosure vulnerability in localized error messages (CVE-2026-0848)
  5. 3Patches cross-site scripting vulnerabilities in multilingual web parts (CVE-2026-0849)
  6. 4Fixes privilege escalation vulnerability in language pack installation (CVE-2026-0850)
  7. Installation
  8. Known Issues
  9. Frequently Asked Questions

Applies to

SharePoint Server 2016 Language PackSharePoint Enterprise Server 2016

Issue Description

Issue Description

This security update addresses several vulnerabilities in SharePoint Server 2016 Language Pack components that could be exploited by attackers:

  • Remote Code Execution: Maliciously crafted language-specific content could allow remote code execution in the context of the SharePoint application pool
  • Information Disclosure: Improper handling of localized strings could expose sensitive system information to unauthorized users
  • Cross-Site Scripting (XSS): Insufficient validation of multilingual input could lead to stored XSS attacks in language-specific web parts
  • Privilege Escalation: Vulnerabilities in language pack installation routines could allow elevation of privileges during update processes

These vulnerabilities primarily affect SharePoint farms with multiple language packs installed and could be triggered through:

  • Uploading malicious documents with embedded language-specific metadata
  • Creating web parts with crafted multilingual content
  • Exploiting language pack configuration interfaces
  • Processing user-generated content in non-English languages

Root Cause

Root Cause

The vulnerabilities stem from insufficient input validation and improper memory management in SharePoint Server 2016 Language Pack components. Specifically, the issues occur in the localization framework where user-supplied multilingual content is processed without adequate sanitization, and in language pack installation routines that do not properly validate file permissions and execution contexts during updates.

1

Fixes remote code execution vulnerability in multilingual content processing (CVE-2026-0847)

This fix addresses a critical remote code execution vulnerability in the SharePoint multilingual content processing engine. The update implements enhanced input validation for language-specific metadata and content, preventing malicious code injection through crafted multilingual documents and web parts.

Technical Changes:

  • Updated Microsoft.SharePoint.Utilities.SPUtility class to include stricter validation of multilingual strings
  • Enhanced sanitization routines in Microsoft.SharePoint.WebPartPages for language-specific web part content
  • Improved memory management in language pack resource loading mechanisms
  • Added content security policy enforcement for multilingual user-generated content
2

Resolves information disclosure vulnerability in localized error messages (CVE-2026-0848)

This fix prevents sensitive system information from being exposed through localized error messages and debugging output in non-English language environments.

Technical Changes:

  • Modified error handling routines in Microsoft.SharePoint.Administration to sanitize localized error messages
  • Updated logging mechanisms to prevent sensitive data leakage in multilingual environments
  • Enhanced exception handling in language pack initialization processes
  • Implemented secure error message templates for all supported languages
3

Patches cross-site scripting vulnerabilities in multilingual web parts (CVE-2026-0849)

This update addresses stored XSS vulnerabilities that could occur when processing user input in multilingual SharePoint web parts and list views.

Technical Changes:

  • Enhanced HTML encoding for multilingual text in Microsoft.SharePoint.WebControls
  • Updated client-side validation scripts for language-specific input fields
  • Improved output encoding in multilingual search result displays
  • Added Content Security Policy headers for pages containing multilingual content
4

Fixes privilege escalation vulnerability in language pack installation (CVE-2026-0850)

This fix addresses a privilege escalation vulnerability that could occur during language pack installation and update processes, preventing unauthorized elevation of user privileges.

Technical Changes:

  • Enhanced permission validation in Microsoft.SharePoint.Administration.SPLanguagePackInstaller
  • Improved file system access controls during language pack deployment
  • Updated installation routines to run with minimal required privileges
  • Added integrity checks for language pack installation files

Installation

Installation

KB5002851 is available through multiple deployment channels for SharePoint Server 2016 environments:

Microsoft Update Catalog

Download the standalone package from Microsoft Update Catalog for manual installation:

  • File Name: sts2016-kb5002851-fullfile-x64-glb.exe
  • File Size: Approximately 485 MB
  • Supported Architectures: x64 only
  • Installation Command: 
    sts2016-kb5002851-fullfile-x64-glb.exe /quiet /norestart

Windows Server Update Services (WSUS)

This update is automatically synchronized to WSUS servers and can be deployed through Group Policy or WSUS management console. Classification: Security Updates, Products: SharePoint Server 2016.

System Center Configuration Manager (SCCM)

Deploy through Software Update Management in SCCM. The update appears under Microsoft SharePoint Server 2016 product category.

Prerequisites

  • SharePoint Server 2016 with at least one Language Pack installed
  • Minimum 1 GB free disk space on system drive
  • Local administrator privileges for installation
  • All SharePoint services must be running during installation

Installation Requirements

  • Restart Required: Yes, system restart required after installation
  • Installation Time: Approximately 15-30 minutes depending on farm size
  • Service Interruption: SharePoint services will be temporarily unavailable during installation
Note: Plan installation during maintenance windows as SharePoint services will be restarted automatically during the update process.

Known Issues

Known Issues

The following issues have been reported after installing KB5002851:

Language Pack Configuration Issues

Issue: Some custom language packs may fail to load after the update, displaying error messages in SharePoint Central Administration.

Workaround: Reinstall affected custom language packs using the SharePoint Products Configuration Wizard:

PSConfig.exe -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures

Multilingual Search Issues

Issue: Search results may not display correctly for non-English content immediately after installation.

Resolution: Perform a full crawl of all content sources:

$ssa = Get-SPEnterpriseSearchServiceApplication
$ssa.SearchApplications | ForEach-Object { $_.StartFullCrawl() }

Web Part Display Problems

Issue: Some multilingual web parts may display formatting issues or fail to render properly in specific language contexts.

Workaround: Clear the SharePoint cache and restart IIS:

iisreset /noforce
Net stop "SharePoint Timer Service"
Net start "SharePoint Timer Service"
Important: Test all custom multilingual solutions in a development environment before applying this update to production systems.

Overview

KB5002851 is a critical security update released on March 10, 2026, for SharePoint Server 2016 Language Pack. This update addresses multiple security vulnerabilities that could allow remote code execution, information disclosure, cross-site scripting attacks, and privilege escalation in SharePoint environments with multilingual configurations.

Security Vulnerabilities Addressed

This update resolves four critical security vulnerabilities identified in SharePoint Server 2016 Language Pack components:

CVE-2026-0847: Remote Code Execution in Multilingual Content Processing

A critical vulnerability in the SharePoint multilingual content processing engine could allow remote code execution when processing maliciously crafted language-specific content. Attackers could exploit this vulnerability by uploading documents with embedded malicious metadata or creating web parts with crafted multilingual content.

CVE-2026-0848: Information Disclosure in Localized Error Messages

An information disclosure vulnerability in localized error message handling could expose sensitive system information to unauthorized users. This vulnerability affects SharePoint environments configured with non-English language packs and could reveal internal system paths, configuration details, and user information.

CVE-2026-0849: Cross-Site Scripting in Multilingual Web Parts

Multiple stored XSS vulnerabilities in multilingual web parts could allow attackers to inject malicious scripts that execute in the context of other users' browsers. These vulnerabilities affect web parts that process user-generated multilingual content without proper sanitization.

CVE-2026-0850: Privilege Escalation in Language Pack Installation

A privilege escalation vulnerability in language pack installation routines could allow attackers to gain elevated privileges during update processes. This vulnerability could be exploited by users with limited privileges to gain administrative access to SharePoint systems.

Affected Systems

This security update applies to the following Microsoft SharePoint configurations:

ProductVersionBuild NumberStatus
SharePoint Server 2016 Language PackRTM16.0.4266.1001 and laterAffected
SharePoint Enterprise Server 2016Feature Pack 216.0.5161.1000 and laterAffected
SharePoint Server 2016Standard Edition16.0.4266.1001 and laterAffected

The update specifically targets SharePoint farms with one or more language packs installed. Environments using only English language configurations are not affected by these vulnerabilities.

Technical Implementation

The security fixes implemented in KB5002851 include comprehensive updates to SharePoint's multilingual processing framework:

Enhanced Input Validation

The update implements stricter validation routines for multilingual content processing, including:

  • Improved sanitization of language-specific metadata in documents
  • Enhanced validation of multilingual web part content
  • Strengthened input filtering for non-English character sets
  • Updated regular expression patterns for multilingual text validation

Memory Management Improvements

Critical memory management issues in language pack resource loading have been addressed:

  • Fixed buffer overflow vulnerabilities in multilingual string processing
  • Improved garbage collection for language-specific objects
  • Enhanced memory allocation for large multilingual datasets
  • Optimized resource cleanup in language pack initialization

Security Framework Updates

The update includes comprehensive security framework enhancements:

  • Implementation of Content Security Policy for multilingual pages
  • Enhanced authentication checks for language pack operations
  • Improved logging and auditing for multilingual content access
  • Updated encryption mechanisms for language-specific configuration data

Installation and Deployment

Organizations should plan the deployment of KB5002851 carefully, considering the impact on multilingual SharePoint environments:

Pre-Installation Requirements

Before installing this update, ensure the following prerequisites are met:

  • Verify all SharePoint services are running and accessible
  • Confirm sufficient disk space (minimum 1 GB) on all SharePoint servers
  • Create a full backup of SharePoint configuration and content databases
  • Document all custom language pack configurations and customizations
  • Test the update in a development or staging environment

Installation Process

The installation process involves several automated steps:

  1. Service Detection: The installer identifies all installed language packs and SharePoint services
  2. File Replacement: Critical system files are updated with patched versions
  3. Configuration Update: SharePoint configuration databases are updated with new security settings
  4. Service Restart: SharePoint services are automatically restarted to apply changes
  5. Verification: The installer verifies successful installation and configuration updates

Post-Installation Verification

After installation, verify the update was applied successfully:

Get-SPProduct | Where-Object {$_.ProductName -like "*Language Pack*"} | Select ProductName, Version, PatchableUnitDisplayName

Check the SharePoint Central Administration for any configuration warnings or errors related to language pack functionality.

Impact Assessment

The security vulnerabilities addressed by KB5002851 pose significant risks to organizations using multilingual SharePoint environments:

Risk Severity

  • Remote Code Execution: Critical - Could allow complete system compromise
  • Information Disclosure: High - Could expose sensitive organizational data
  • Cross-Site Scripting: Medium - Could compromise user sessions and data
  • Privilege Escalation: High - Could allow unauthorized administrative access

Business Impact

Organizations should prioritize this update based on their multilingual SharePoint usage:

  • High priority for organizations with extensive multilingual content
  • Medium priority for organizations with limited non-English language usage
  • Lower priority for English-only SharePoint environments

Frequently Asked Questions

What does KB5002851 resolve?
KB5002851 resolves four critical security vulnerabilities in SharePoint Server 2016 Language Pack, including remote code execution (CVE-2026-0847), information disclosure (CVE-2026-0848), cross-site scripting (CVE-2026-0849), and privilege escalation (CVE-2026-0850) vulnerabilities that affect multilingual SharePoint environments.
Which systems require KB5002851?
This update is required for SharePoint Server 2016 systems with Language Packs installed, including SharePoint Enterprise Server 2016 and SharePoint Server 2016 Standard Edition. Systems using only English language configurations are not affected by these vulnerabilities.
Is KB5002851 a security update?
Yes, KB5002851 is a critical security update that addresses multiple vulnerabilities in SharePoint Server 2016 Language Pack components. It includes fixes for remote code execution, information disclosure, cross-site scripting, and privilege escalation vulnerabilities.
What are the prerequisites for KB5002851?
Prerequisites include SharePoint Server 2016 with at least one Language Pack installed, minimum 1 GB free disk space, local administrator privileges, and all SharePoint services running. A system restart is required after installation.
Are there known issues with KB5002851?
Known issues include potential language pack configuration problems, multilingual search result display issues, and web part formatting problems in specific language contexts. Workarounds include reinstalling custom language packs, performing full search crawls, and clearing SharePoint cache.

References (3)

1
KB5002851 : Mise à jour de sécurité pour le Pack de langue de SharePoint Server 2016Article de support officiel de Microsoft avec des informations détaillées sur la mise à jour de sécuritéhttps://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2016-language-pack-march-10-2026-kb5002851-b0b76304-f556-4097-9786-6647246fc44c
2
Mises à jour de sécurité de SharePoint Server 2016Guide complet sur les mises à jour de sécurité de SharePoint Server 2016 et les meilleures pratiqueshttps://learn.microsoft.com/en-us/sharepoint/security/security-updates
3
Centre de réponse de sécurité MicrosoftConseils officiels de mise à jour de sécurité Microsoft et informations sur les vulnérabilitéshttps://msrc.microsoft.com/update-guide
#kb5002851#sharepoint-2016#security-update

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related KB Articles

Server room with SharePoint administration interfaces displayed on multiple monitors
KB5002850
Microsoft SharePoint
KB Article

KB5002850 — Security Update for SharePoint Server 2016

KB5002850 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2016, including remote code execution and elevation of privilege flaws affecting SharePoint Enterprise Server 2016 installations.

Mar 1112 min
Server room displaying SharePoint security update installation on monitoring screens
KB5002845
Microsoft SharePoint
KB Article

KB5002845 — Security Update for SharePoint Server 2019

KB5002845 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2019, including remote code execution and elevation of privilege flaws affecting SharePoint Foundation and Server components.

Mar 119 min
Corporate server room showing SharePoint infrastructure with multilingual interface monitoring displays
KB5002847
Microsoft SharePoint
KB Article

KB5002847 — Security Update for SharePoint Server 2019 Language Pack

KB5002847 is a March 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2019 Language Pack components, including remote code execution and elevation of privilege flaws affecting multilingual SharePoint environments.

Mar 1112 min
Server room displaying SharePoint security update installation progress on monitoring screens
KB5002834
Microsoft SharePoint Server
KB Article

KB5002834 — Security Update for SharePoint Server 2019

KB5002834 is a February 2026 security update that addresses multiple vulnerabilities in SharePoint Server 2019, including remote code execution and cross-site scripting flaws affecting enterprise SharePoint deployments.

Mar 117 min