Description of the security update for SharePoint Server Subscription Edition: February 10, 2026 (KB5002833)
Applies To
SharePoint Server Subscription Edition
Important:
If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager (KB5002799) to your farm before you install this cumulative update.
If you're currently running the Classic version of Workflow Manager, you have to enable the debug flag in order to continue using it:
$farm = Get-SPFarm
$farm.ServerDebugFlags.Add(53601)
$farm.update()
iisreset
This security update resolves a Microsoft Word spoofing vulnerability and Microsoft Outlook spoofing vulnerability. To learn more about the vulnerabilities, see the following security advisories:
Microsoft Common Vulnerabilities and Exposures CVE-2026-21511
Microsoft Common Vulnerabilities and Exposures CVE-2026-21260
Notes:
This is build 16.0.19127.20518 of the security update package.
To apply this security update, you must have the release version of Microsoft SharePoint Server Subscription Edition installed on the computer.
This security update introduces the SharePoint Server Subscription Edition Version 25H2 feature update. This feature update will be included in all SharePoint Server Subscription Edition public updates going forward. For more information about this feature update, see New and improved features in SharePoint Server Subscription Edition Version 25H2.
This security update contains improvements and fixes for the following...
16.0.19127.20518