HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

High‑Severity Authenticated RCE in Microsoft SharePoint (CVE‑2026‑45659) Threatens Enterprise Collaboration Platforms

Microsoft released patches for CVE‑2026‑45659, a high‑severity remote code execution flaw in on‑prem SharePoint Server editions. The bug requires authentication but can be exploited with low complexity, putting corporate documents and downstream partners at risk. TPRM teams should prioritize patching and tighten access controls.

LiveThreat™ Intelligence · 📅 May 26, 2026· 📰 helpnetsecurity.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
helpnetsecurity.com

High‑Severity Authenticated RCE in Microsoft SharePoint (CVE‑2026‑45659) Threatens Enterprise Collaboration Platforms

What It Is – Microsoft disclosed CVE‑2026‑45659, a high‑severity remote code execution flaw in SharePoint Server Subscription Edition, SharePoint Server 2019 and SharePoint Enterprise Server 2016. The vulnerability stems from deserialization of untrusted data and can be triggered by an authenticated attacker without any user interaction.

Exploitability – Attack complexity is rated Low (AC:L). No public PoC or active exploitation reports exist, but the required authentication step is trivial in many on‑prem deployments that expose SharePoint to the internet. CVSS is expected to be ≥ 8.0.

Affected Products

  • SharePoint Server Subscription Edition (build 16.0.19725.20280)
  • SharePoint Server 2019 (build 16.0.10417.20128)
  • SharePoint Enterprise Server 2016 (build 16.0.5552.1002)

TPRM Impact

  • On‑prem SharePoint often stores confidential corporate documents, project plans, and HR records, making it a high‑value third‑party data repository.
  • Compromise could enable lateral movement into other internal systems, exposing downstream vendors and customers to data leakage or ransomware.

Recommended Actions

  • Deploy Microsoft’s security updates for the affected SharePoint versions immediately.
  • Verify that all SharePoint servers are behind a hardened perimeter (e.g., VPN, Zero‑Trust Network Access) and enforce MFA for any accounts with access.
  • Conduct a focused audit of authentication logs for anomalous sign‑ins over the past 90 days.
  • Review and restrict any third‑party integrations that may provide authenticated access to SharePoint APIs.
  • Update your third‑party risk register to reflect the newly‑published vulnerability and re‑assess any vendors that rely on on‑prem SharePoint.

Source: Help Net Security – High‑severity SharePoint RCE bug patched by Microsoft (CVE‑2026‑45659)

📰 Original Source
https://www.helpnetsecurity.com/2026/05/26/sharepoint-vulnerability-cve-2026-45659/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →