Critical SharePoint RCE Vulnerability Patched by Microsoft: CVE-2026-45659

**Microsoft** has addressed a critical remote code execution (RCE) vulnerability in **SharePoint**, identified as **CVE-2026-45659**. The flaw allows authenticated attackers to execute arbitrary code on affected servers, highlighting the need for immediate patching.

2026-05-27T04:08:34 Critical SharePoint RCE Vulnerability Patched by Microsoft: CVE-2026-45659

![SharePoint](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi34meakbjhvY3-jNVG7Q8tPJ5Xk1a-vtGSeKgfVDApX6pn88G7gYhK2oz34my6QeWHsldmSJuV4o8tlBOmw-9Ul32EJYhC-aFmExZvn6ibinw10_4DhBf6pHmIum2Ha_HggakezqS_uKiOPJzrIdwioMru5Oj74p87z_ZbQt_c-bH8kQl6jEXYycod7Vrw/s1600/sharepoint.png) ### SharePoint RCE Vulnerability: CVE-2026-45659 **Microsoft** has released updates to patch a remote code execution vulnerability in **SharePoint**. This flaw could be exploited by attackers without requiring any special conditions to be met. The vulnerability, tracked as **CVE-2026-45659**, has a CVSS score of 8.8 and is rated as 'Important'. According to **Microsoft**'s advisory, "Deserialization of untrusted data in **Microsoft** Office **SharePoint** allows an authorized attacker to execute code over a network." ### Attack Vectors and Required Privileges The vulnerability can be triggered by any authenticated attacker, without needing administrator or elevated privileges. "In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the **SharePoint** Server," **Microsoft** stated. ### Discovery and Affected Versions **Microsoft** credited a researcher named MEOW for discovering and reporting the vulnerability. Updates have been released for the following versions: * [SharePoint Server Subscription Edition](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-subscription-edition-may-12-2026-kb5002863-91158c5e-7155-47f8-86c2-9f8924cbfa12) * [SharePoint Server 2019](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-may-12-2026-kb5002870-78ccf6f5-7506-42f1-b459-70c6d6d122da) * [SharePoint Enterprise Server 2016](https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2016-may-12-2026-kb5002868-5cc10216-f312-4ded-86d2-4940b3a1fded) ### Prior Vulnerabilities and Mitigation Last month, **Microsoft** addressed a spoofing vulnerability in **Microsoft SharePoint Server** (**CVE-2026-32201**, CVSS score: 6.5) that was actively exploited. While **Microsoft** indicates that **CVE-2026-45659** is less likely to be exploited, applying the provided patches is crucial for ensuring optimal protection, given the history of attackers targeting flaws in the **SharePoint** platform.

📡 Intelligence Feed

Critical SharePoint RCE Vulnerability Patched by Microsoft: CVE-2026-45659

✏️ Edit Article