
Rewterz Threat Advisory – CVE-2021-26420 – Microsoft SharePoint Remote Code Execution Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-26420

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. 

A specific flaw exists within the System.Workflow.ComponentModel.Compiler.WorkflowCompilerInternal class. This class allows an attacker to specify a path to an arbitrary workflow definition file. An attacker can leverage this vulnerability to execute code in the context of the web service account.

Impact

  • Code Execution
  • Unauthorized Access

Affected Vendors

Microsoft

Affected Products

  • SharePoint

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or use the Microsoft Security Update Guide to search for available patches.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26420