CVE-2024-38094
Microsoft SharePoint Deserialization Vulnerability
CVSS
—
No CVSS
EPSS
47.8%
p99
KEV
YES
Oct 22, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
47.8%EPSS · 30 days55.3%
2026-06-302026-07-16
Product
Microsoft / SharePoint
Vulnerability
Microsoft SharePoint Deserialization Vulnerability
Added to KEV
Oct 22, 2024
Remediate by
Nov 12, 2024
Known ransomware use
Yes
Summary description
Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-49706—100.0%
KEV—80Microsoft SharePoint Improper Authentication Vulnerability—CVE-2025-49704—100.0%
KEV—80Microsoft SharePoint Code Injection Vulnerability—CVE-2025-53770—100.0%
KEV—80Microsoft SharePoint Deserialization of Untrusted Data Vulnerability—CVE-2019-0604—100.0%
KEV—80Microsoft SharePoint Remote Code Execution Vulnerability—CVE-2026-20963—98.0%
KEV—79Microsoft SharePoint Deserialization of Untrusted Data Vulnerability—