Microsoft has announced a critical vulnerability in SharePoint Server, identified as CVE-2026-45659. This flaw, disclosed on May 21, 2026, could allow authenticated attackers to execute arbitrary code remotely across various SharePoint Server versions. The vulnerability arises from the deserialization of untrusted data within Microsoft Office SharePoint. If exploited, it enables a network-based attacker to execute code on the affected server. Microsoft has classified this flaw as Important in severity, with current assessments indicating a lower likelihood of exploitation. However, the simplicity of executing this attack makes it a significant concern that demands swift action. Any authenticated user with Site Member-level permissions can exploit this vulnerability, requiring no elevated privileges or specialized knowledge. The attack vector is network-based with low complexity, making it possible for attackers to repeatedly and reliably execute the attack from the internet. Microsoft has issued security updates for all affected SharePoint Server versions, urging organizations to apply these patches immediately. Given the potential risk, especially for organizations that use SharePoint for critical functions like internal collaboration or document management, delaying these updates could lead to increased exposure. Although there are no reports of active exploitation or public disclosure so far, the vulnerability's characteristics make it a candidate for future attacks, particularly when proof-of-concept code becomes available. Security teams should prioritize this patch in their next maintenance cycle to mitigate any risks associated with this vulnerability.
Critical Security Flaw in SharePoint Server Requires Immediate Attention
Microsoft SharePoint Server remote code execution vulnerability disclosed and patched as CVE-2026-45659.
Executive Summary
Microsoft has disclosed a critical vulnerability in SharePoint Server that could allow remote code execution by authenticated users. Organizations should apply the released patches immediately to prevent potential exploitation.


