CVE-2026-45659 – Microsoft SharePoint

Microsoft Office SharePoint contains a remote code execution vulnerability caused by deserialization of untrusted data. An authenticated attacker with minimal permissions could exploit the vulnerability remotely over a network to execute arbitrary code on the SharePoint Server. Although Microsoft currently reports no public exploitation or disclosure, the low attack complexity and internet-reachable attack vector significantly increase the risk for exposed environments.

CVSS Score: 8.8

SEVERITY: Important

THREAT:
This vulnerability allows remote code execution against Microsoft SharePoint through the handling of untrusted serialized data. Because SharePoint environments often contain sensitive organizational documents, workflows, and collaboration data, successful exploitation could provide attackers with a powerful foothold inside enterprise environments.

EXPLOITS:
Microsoft reports that the vulnerability has not been publicly disclosed and is not currently being exploited in the wild. No confirmed public proof-of-concept (PoC) exploit code is currently available. Microsoft rates exploitation as “Less Likely.”

TECHNICAL SUMMARY:
The vulnerability is associated with CWE-502, Deserialization of Untrusted Data. Microsoft SharePoint improperly processes serialized input, allowing an authenticated attacker to send crafted payloads that may execute arbitrary code on the target server. Exploitation requires only low privileges, such as Site Member permissions, and does not require administrator access or user interaction. The vulnerability is remotely exploitable over a network and can potentially impact confidentiality, integrity, and availability at a high level.

EXPLOITABILITY:
Affected software includes on-premise version of Microsoft Office SharePoint: SharePoint Server 2016, 2019 and  SharePoint Server Subscription Edition environments. Any authenticated attacker with minimum Site Member permissions could exploit the vulnerability remotely over a network. Attack complexity is low, making exploitation potentially repeatable once access is obtained.

BUSINESS IMPACT:
SharePoint servers commonly host sensitive business documents, internal collaboration content, and enterprise workflows. Successful remote code execution could allow attackers to steal data, deploy malware, manipulate business content, disrupt operations, or establish persistence within the environment. Because SharePoint is frequently integrated with broader Microsoft ecosystems, compromise may also increase the risk of lateral movement into additional systems and services.

WORKAROUND:
Apply the official Microsoft security updates as soon as possible. Organizations should also review SharePoint permissions, minimize unnecessary user access, restrict internet exposure where feasible, and monitor SharePoint environments for suspicious authentication or abnormal server activity.

URGENCY:
This vulnerability warrants urgent attention because it enables remote code execution with low attack complexity and requires only minimal authenticated access. SharePoint servers are high-value enterprise targets, and exploitation could result in widespread organizational impact if attackers gain code execution on collaboration infrastructure.