Not a user yet?
Log in Register for free Suggest a product
Update

KB5002863: improves ingestion throughput by increasing the hit rate of the cache

SharePoint Server Subscription Edition (SE)SharePoint Server Subscription Edition (SE)
Microsoft

Description of the security update for SharePoint Server Subscription Edition: May 12, 2026 (KB5002863)

Summary
Important:

  • If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager (KB5002799) to your farm before you install this cumulative update.
  • If you're currently running the Classic version of Workflow Manager, you have to enable the debug flag in order to continue using it:

$farm = Get-SPFarm
$farm.ServerDebugFlags.Add(53601)
$farm.update()
iisreset

This security update resolves Microsoft SharePoint Server Remote Code Execution vulnerability. To learn more about the vulnerability, see the following security advisories:​​​​​​​​​​​​​​

  • Microsoft Common Vulnerabilities and Exposures CVE-2026-40357​​​​​​​​​​​​​​
  • Microsoft Common Vulnerabilities and Exposures CVE-2026-33112​​​​​​​​​​​​​​
  • Microsoft Common Vulnerabilities and Exposures CVE-2026-33110​​​​​​​​​​​​​​
  • Microsoft Common Vulnerabilities and Exposures CVE-2026-40368​​​​​​​​​​​​​​
  • Microsoft Common Vulnerabilities and Exposures CVE-2026-35439​​​​​​​​​​​​​​

Microsoft Common Vulnerabilities and Exposures CVE-2026-40367​​​​​​​​​​​​​​

Microsoft Common Vulnerabilities and Exposures CVE-2026-40365​​​​​​​​​​​​​​

Notes:

This is build 16.0.19725.20280 of the security update package.

To apply this security update, you must have the release version of Microsoft SharePoint Server Subscription Edition installed on the computer.

Improvements and fixes
This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server Subscription Edition:

  • This update improves accessibility by enabling keyboard navigation to column headers in the SPList Quick Edit view.
  • This update resolves an issue in which pages don't load because certain user controls are flagged as unsafe for security. After you install this fix, you can explicitly trust the affected controls by configuring the appropriate custom farm property, (AllowedTagPrefixesWhichAreNotWebControlsList).
  • This update fixes an issue in which customers encounter a “Sorry, something went wrong” screen when they update settings in the Configure and Health SA page. It also resolves a problem in which PowerShell incorrectly reports a “Database already exists” error, even if customers are only updating settings against an existing database.
    -This update improves ingestion throughput by increasing the hit rate of the cache that's used during the ingestion process.
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Microsoft updates

More from the Apps, Software & Services section

Was the content helpful to you?

Advertisement Advertise here?
Banner Logitech