KB5002853

Description of the security update for SharePoint Server Subscription Edition: April 14, 2026 (KB5002853)

Applies To

SharePoint Server Subscription Edition

Summary

Important:

• If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager (KB5002799) to your farm before you install this cumulative update.

• If you're currently running the Classic version of Workflow Manager, you have to enable the debug flag in order to continue using it:

$farm = Get-SPFarm

$farm.ServerDebugFlags.Add(53601)

$farm.update()

iisreset

This security update resolves Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see the following security advisories:

• Microsoft Common Vulnerabilities and Exposures CVE-2026-32201

• Microsoft Common Vulnerabilities and Exposures CVE-2026-20945

Notes:

• This is build 16.0.19725.20210 of the security update package.

• To apply this security update, you must have the release version of Microsoft SharePoint Server Subscription Edition installed on the computer.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server Subscription Edition:

• This update fixes the GB18030-2022 certification issue.

• This update improves ingestion throughput by increasing the hit rate of the cache that's used during the ingestion process.

• This update fixes an issue in SharePoint Server Subscription Edition (On‑Premises) in which appending the query parameter p to publishing page URLs causes unexpected UI behavior. If p =2, the page renders a File Picker–style interface instead of the expected...