Public PoC released for SharePoint RCE chain

Public PoC released for SharePoint RCE chain


Public PoC released for SharePoint RCE chain

A working proof-of-concept is now public for CVE-2026-33112, a critical Microsoft SharePoint flaw that allows low-privilege authenticated users to achieve remote code execution. The exploit abuses external XSD imports during DataSet deserialization to bypass XmlValidator, then leverages PPSAuthoringService.asmx TestConnection to trigger ExcelDataSet.get_DataTable() indirectly.

The significance is straightforward: site-member access is sufficient, the malicious schema is fetched over the network rather than embedded locally, and the attack path targets exposed SharePoint service endpoints. This raises both exploitation speed and detection difficulty for on-prem deployments.

️ Open sources - closed narratives

@sitreports

Source: Telegram "sitreports"

Report Page