A critical remote code execution flaw, identified as CVE-2026-45659, has been discovered in Microsoft SharePoint, allowing attackers to easily execute malicious code. This high-severity vulnerability, with a CVSS score of 8.8, can be exploited under simple conditions, posing a significant threat to unpatched systems. The vulnerability stems from the deserialization of untrusted data, which can be manipulated by attackers to achieve remote code execution. Microsoft has released security updates to patch this flaw, and organizations using SharePoint are advised to apply these updates immediately. The exploitation status of CVE-2026-45659 is currently being discussed by Microsoft, emphasizing the need for prompt action [1]. This vulnerability matters to practitioners because applying the patch can prevent potential remote code execution attacks, highlighting the importance of timely updates to protect against emerging threats.
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.
⚠️ Critical Alert
Why This Matters
CVE-2026-45659 is under active discussion involving Microsoft; its exploitation status determines whether this is a patch-now item or one to monitor.
References
- SecurityAffairs. (2026, May 27). Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That. *SecurityAffairs*. https://securityaffairs.com/192730/security/microsoft-sharepoint-has-a-new-rce-flaw-if-you-havent-patched-yet-go-do-that.html
Original Source
SecurityAffairs