Deserialization Vulnerability in Microsoft Office SharePoint
CVE-2026-45659
Key Information:
- Vendor: Microsoft
- CVE Published: 22 May 2026
What is CVE-2026-45659?
CVE-2026-45659 is a critical vulnerability affecting Microsoft Office SharePoint, a platform widely used for collaboration, document management, and storing business data. This vulnerability arises from a flaw in the deserialization process of untrusted data, which potentially allows an authorized attacker to execute arbitrary code over a network. If exploited, it can enable attackers to manipulate the application environment and gain unauthorized control over sensitive data and system resources. The risk is heightened due to SharePoint's integral role in organizational workflows and its common deployment in enterprise settings, making it a significant target for cyber threats.
Potential impact of CVE-2026-45659
- Unauthorized Code Execution: The most direct consequence of this vulnerability is the ability for attackers to execute malicious code without proper authorization. This could lead to the takeover of affected systems, creating opportunities to further compromise organizational networks.
- Data Breach Risks: With the exploitation of this vulnerability, attackers could gain access to sensitive information stored within SharePoint. This exposure could result in severe data breaches, jeopardizing confidential business data and potentially leading to regulatory penalties.
- Disruption of Business Operations: Successful exploitation may lead to significant operational disruptions. An attacker could manipulate SharePoint’s functionality or deploy ransomware, affecting user access and collaboration, ultimately impacting productivity and business continuity.
CISA has reported CVE-2026-45659
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-45659 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Affected Version(s)
Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5552.1002
Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20128
Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.19725.20280
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Microsoft said exploitation was 'less likely' ... but CISA just added SharePoint RCE to KEV list
Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers
CISA: Microsoft SharePoint RCE flaw now actively exploited
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May.
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
CISA added CVE-2026-45659 SharePoint Server RCE to KEV following confirmed exploitation, requiring U.S. agencies to patch by July 4, 2026.
Timeline
- 🦅 CISA Reported
- 💰 Used in Ransomware
- 📈 Vulnerability started trending
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by It Security News
- Vulnerability published
- Vulnerability Reserved