KB5002853 — Security Update for SharePoint Server Subscription Edition
KB5002853 is a security update released on April 14, 2026, that addresses multiple vulnerabilities in SharePoint Server Subscription Edition, including remote code execution and elevation of privilege flaws.
```powershell
PS C:\> Get-HotFix -Id KB5002853   # Returns patch details if KB5002853 is installed
```
Issue Description
This security update addresses several vulnerabilities in SharePoint Server Subscription Edition that could be exploited by attackers:
- Remote Code Execution: Vulnerabilities that allow authenticated attackers to execute arbitrary code on the SharePoint server through specially crafted requests
- Elevation of Privilege: Security flaws that permit users to gain higher privileges than intended within SharePoint sites
- Cross-Site Scripting (XSS): Input validation issues that could allow malicious scripts to be executed in users' browsers
- Information Disclosure: Vulnerabilities that may expose sensitive information to unauthorized users
These vulnerabilities affect various SharePoint components including web parts, list management, and user authentication mechanisms. Exploitation could result in unauthorized access to SharePoint content, data theft, or complete server compromise.
Root Cause
The vulnerabilities stem from insufficient input validation and improper handling of user-supplied data in multiple SharePoint Server components. Specific issues include inadequate sanitization of web part parameters, improper permission checks in list operations, and insufficient validation of authentication tokens. These coding defects allow attackers to bypass security controls and execute unauthorized operations.
Overview
KB5002853 is a critical security update for SharePoint Server Subscription Edition released on April 14, 2026. This update addresses multiple high-severity vulnerabilities that could allow attackers to compromise SharePoint environments through remote code execution, privilege escalation, and information disclosure attacks.
Security Vulnerabilities Addressed
This update resolves four critical security vulnerabilities identified in SharePoint Server Subscription Edition:
CVE-2026-21001: Remote Code Execution in Web Parts
A critical vulnerability in SharePoint web parts allows authenticated attackers to execute arbitrary code on the server through specially crafted web part configuration data. This vulnerability has a CVSS score of 8.8 and could lead to complete server compromise.
CVE-2026-21002: Elevation of Privilege in Lists
An elevation of privilege vulnerability in SharePoint list management allows users to gain unauthorized access to restricted lists and libraries. Attackers could exploit this to access sensitive organizational data.
CVE-2026-21003: Cross-Site Scripting in Search
A cross-site scripting vulnerability in SharePoint search functionality could allow attackers to execute malicious scripts in users' browsers, potentially leading to credential theft or session hijacking.
CVE-2026-21004: Information Disclosure in User Profiles
An information disclosure vulnerability in user profile management could expose sensitive user information to unauthorized parties, violating privacy and compliance requirements.
Affected Systems
This security update applies specifically to:
| Product | Version | Status |
|---|---|---|
| SharePoint Server Subscription Edition | All versions | Affected |
| SharePoint Server 2019 | All versions | Not affected |
| SharePoint Server 2016 | All versions | Not affected |
Technical Details
The security update modifies several core SharePoint components to address the identified vulnerabilities:
Web Part Security Enhancements
The update implements comprehensive input validation for web part parameters and configuration data. New security checks prevent malicious code injection through web part properties and ensure proper sanitization of user-supplied data.
List Permission Validation
Enhanced authorization mechanisms now perform stricter validation of user permissions before allowing access to SharePoint lists and libraries. The update includes improved API parameter validation and strengthened access control logic.
Search Security Improvements
Search functionality now includes robust input sanitization and output encoding to prevent cross-site scripting attacks. The update also implements content filtering mechanisms to block potentially malicious search queries.
User Profile Privacy Controls
User profile access controls have been strengthened to prevent unauthorized information disclosure. The update includes improved privacy settings validation and enhanced protection mechanisms for sensitive user data.
Installation Requirements
Before installing KB5002853, ensure the following requirements are met:
- Administrative Access: Installation requires local administrator privileges on the SharePoint server
- Disk Space: Minimum 500 MB free space on the system drive
- Service Status: All SharePoint services should be running and healthy
- Backup: Complete system backup recommended before installation
Deployment Considerations
For enterprise environments, consider the following deployment strategies:
Staged Deployment
Deploy the update to development and testing environments first to validate compatibility with custom solutions and configurations.
Maintenance Window
Schedule installation during planned maintenance windows as SharePoint services will be temporarily unavailable during the update process.
Monitoring
Implement comprehensive monitoring to detect any issues after update deployment, including service availability, performance metrics, and error logs.
Post-Installation Verification
After installing KB5002853, perform the following verification steps:
- Verify all SharePoint services are running properly
- Test core SharePoint functionality including site access, search, and user authentication
- Review SharePoint event logs for any error messages
- Validate custom web parts and solutions are functioning correctly
- Confirm search functionality is operating normally
Use the following PowerShell command to verify the update installation:
```powershell
Get-SPProduct | Where-Object {$_.PatchableUnitDisplayNames -like "*KB5002853*"}
```
Key Fixes & Changes
Fixes remote code execution vulnerability in SharePoint web parts (CVE-2026-21001)
This update patches a critical remote code execution vulnerability in SharePoint web parts where specially crafted requests could allow authenticated attackers to execute arbitrary code on the server. The fix implements proper input validation and sanitization for web part parameters, preventing malicious code injection through web part configuration data.
Components Updated:
- Microsoft.SharePoint.WebPartPages.dll
- Microsoft.SharePoint.WebControls.dll
- SharePoint web part rendering engine
Resolves elevation of privilege vulnerability in SharePoint lists (CVE-2026-21002)
Addresses an elevation of privilege vulnerability where users could gain unauthorized access to SharePoint lists and libraries by manipulating list permissions through crafted API calls. The update strengthens permission validation logic and implements additional authorization checks for list operations.
Security Improvements:
- Enhanced permission validation for list access
- Improved authorization checks for list item operations
- Strengthened API parameter validation
Patches cross-site scripting vulnerability in SharePoint search (CVE-2026-21003)
Fixes a cross-site scripting vulnerability in SharePoint search functionality where malicious scripts could be executed through search queries. The update implements proper output encoding and input sanitization for search results and query parameters.
Search Security Enhancements:
- Improved input validation for search queries
- Enhanced output encoding for search results
- Strengthened content filtering mechanisms
Addresses information disclosure vulnerability in SharePoint user profiles (CVE-2026-21004)
Resolves an information disclosure vulnerability that could allow unauthorized access to user profile information through improper access controls. The update implements stricter access validation for user profile data and enhances privacy controls.
Privacy Improvements:
- Enhanced access controls for user profile data
- Improved privacy settings validation
- Strengthened user information protection mechanisms
Installation
KB5002853 is available through multiple deployment channels:
Microsoft Update Catalog
Download the update package directly from Microsoft Update Catalog for manual installation. The update package is approximately 145 MB and requires administrative privileges for installation.
Windows Server Update Services (WSUS)
Enterprise environments can deploy this update through WSUS. The update will appear in the SharePoint Products classification and requires approval before deployment to SharePoint servers.
Microsoft System Center Configuration Manager (SCCM)
Deploy through SCCM software update management. Create a deployment package and target SharePoint Server Subscription Edition systems.
Prerequisites
- SharePoint Server Subscription Edition must be installed
- Administrative privileges required for installation
- Minimum 500 MB free disk space on system drive
- All SharePoint services should be running before installation
Installation Process
The update installs automatically through Windows Update or can be installed manually using the downloaded package. Installation typically takes 15-30 minutes depending on server configuration. A system restart is not required, but SharePoint services will be restarted during installation.
Known Issues
The following issues have been reported after installing KB5002853:
SharePoint Timer Service Restart Issues
Some environments may experience issues with the SharePoint Timer Service not restarting properly after update installation. This can cause scheduled jobs and workflows to fail.
Workaround: Manually restart the SharePoint Timer Service using the following PowerShell command:
```powershell
Restart-Service SPTimerV4
```
Search Index Rebuild Required
In some cases, SharePoint search functionality may require index rebuilding after the security update to ensure proper operation of the patched search components.
Resolution: Perform a full search index rebuild through SharePoint Central Administration or PowerShell.
Custom Web Parts Compatibility
Custom developed web parts that rely on previously vulnerable code patterns may experience compatibility issues after the security fixes are applied.
Recommendation: Test custom web parts in a development environment before deploying the update to production systems.
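The post-installation verification steps and the Timer Service workaround above, combined into one script. This is an added example, not part of the KB article or a Microsoft-provided script; it assumes the SharePoint Server Subscription Edition cmdlets (the SharePointServer module) are available, that it runs as a farm administrator on the patched server, and `$ErrorWindowHours` is an assumed tuning value for how far back to scan the Application log.

```powershell
# Post-installation check for KB5002853 on a SharePoint Server
# Subscription Edition server. Added example, not from the KB article.
param(
    [string]$Kb = 'KB5002853',
    [int]$ErrorWindowHours = 2   # assumed value: hours of event log to scan
)

# Subscription Edition exposes the cmdlets as the SharePointServer module
# (assumption: run from a normal PowerShell session, not the Management Shell).
if (-not (Get-Command Get-SPProduct -ErrorAction SilentlyContinue)) {
    Import-Module SharePointServer -ErrorAction Stop
}

# 1. Confirm the patchable unit for this KB is present on the farm.
$patched = Get-SPProduct | Where-Object {
    $_.PatchableUnitDisplayNames -like "*$Kb*"
}
if (-not $patched) {
    Write-Warning "$Kb not found in Get-SPProduct output on $env:COMPUTERNAME"
}

# 2. Known issue: the Timer Service may not come back after the update.
#    Apply the documented workaround only when it is not running.
$timer = Get-Service SPTimerV4
if ($timer.Status -ne 'Running') {
    Write-Warning "SPTimerV4 is $($timer.Status); restarting it"
    Restart-Service SPTimerV4
    $timer.WaitForStatus('Running', '00:02:00')
}

# 3. Every service instance on this server that is not disabled must be Online.
$offline = Get-SPServiceInstance -Server $env:COMPUTERNAME |
    Where-Object { $_.Status -ne 'Online' -and $_.Status -ne 'Disabled' }
foreach ($svc in $offline) {
    Write-Warning "Service instance '$($svc.TypeName)' is $($svc.Status)"
}

# 4. Review SharePoint error events written since the patch window.
$since  = (Get-Date).AddHours(-$ErrorWindowHours)
$errors = Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; Level = 2; StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like 'Microsoft-SharePoint*' }

"Patch present    : {0}" -f [bool]$patched
"Timer service    : {0}" -f (Get-Service SPTimerV4).Status
"Offline instances: {0}" -f @($offline).Count
"SP errors ({0}h)  : {1}" -f $ErrorWindowHours, @($errors).Count
```

Run it on each SharePoint server in the farm after the update; a non-zero offline or error count is the cue to inspect the ULS and event logs before returning the server to service.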