KB5002862 — Security Update for SharePoint Server 2016 Language Pack

Overview

KB5002862 is a critical security update for Microsoft SharePoint Server 2016 Language Pack components, released on April 14, 2026. This update addresses multiple high-severity vulnerabilities that could allow remote code execution, privilege escalation, and cross-site scripting attacks in SharePoint environments with Language Packs installed.

Security Vulnerabilities Addressed

This update resolves several critical security vulnerabilities in SharePoint Server 2016 Language Pack functionality:

CVE-2026-20145: Remote Code Execution in Language Pack Rendering

A critical vulnerability in the SharePoint language pack rendering engine allows authenticated users to execute arbitrary code through specially crafted multilingual content. Attackers could exploit this vulnerability by uploading malicious documents containing embedded code in language-specific metadata, potentially compromising the entire SharePoint farm.

CVE-2026-20146: Privilege Escalation in Language-Specific Web Parts

This vulnerability affects SharePoint web parts that handle language-specific functionality. Standard users could exploit improper privilege validation to gain administrative access to SharePoint sites and perform unauthorized administrative operations.

CVE-2026-20147: Cross-Site Scripting in Localized UI Components

Cross-site scripting vulnerabilities in SharePoint's localized user interface components could allow attackers to inject malicious scripts into SharePoint pages, potentially stealing user credentials or performing unauthorized actions on behalf of legitimate users.

Affected Systems

KB5002862 applies to the following SharePoint Server 2016 configurations:

Technical Details

The vulnerabilities addressed by KB5002862 stem from several technical issues in SharePoint's language pack framework:

Input Validation Failures

The SharePoint language pack rendering engine failed to properly validate user-supplied content when processing multilingual text. This allowed attackers to inject malicious code through language-specific metadata in uploaded documents.

Memory Management Issues

Buffer overflow conditions existed in Unicode string processing routines, particularly when handling complex Unicode characters and emoji in multilingual content. These conditions could be exploited to execute arbitrary code.

Privilege Validation Weaknesses

Language-specific web parts and components did not adequately verify user permissions before executing certain operations, allowing privilege escalation attacks.

Installation Requirements

Before installing KB5002862, ensure your SharePoint environment meets these requirements:

• SharePoint Version: SharePoint Server 2016 with Service Pack 1 (16.0.4266.1001) or later
• Language Packs: At least one Microsoft-provided Language Pack must be installed
• Disk Space: Minimum 500 MB free space on the system drive
• Permissions: Local administrator rights on all SharePoint servers
• Services: SharePoint services can remain running during installation but will be restarted

Post-Installation Verification

After installing KB5002862, verify the update was applied successfully:

Get-SPProduct -Local | Where-Object {$_.ProductName -like "*Language Pack*"}

Check that all Language Pack products show as "Online" status. Additionally, verify the SharePoint build number has been updated:

(Get-SPFarm).BuildVersion

The build version should be 16.0.5435.1000 or later after successful installation.

Impact Assessment

Organizations should prioritize installation of KB5002862 based on their SharePoint configuration:

High Priority: SharePoint farms with multiple Language Packs and external user access

Medium Priority: Internal SharePoint farms with limited Language Pack usage

Low Priority: English-only SharePoint installations (not affected by these vulnerabilities)