Critical RCE in Microsoft SharePoint (CVE‑2026‑45659) Threatens Enterprise Collaboration Platforms
What It Is — A critical remote‑code‑execution (RCE) flaw (CVE‑2026‑45659) in Microsoft SharePoint Server allows an authenticated attacker with merely Site Member permissions to execute arbitrary code on the SharePoint server via deserialization of untrusted data.
Exploitability — The vulnerability scores 8.8 CVSS v3.1 (high severity) and can be weaponised with minimal effort; proof‑of‑concept code is publicly available, and Microsoft’s own advisory notes that exploitation is plausible in the wild.
Affected Products — SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016 (both on‑premises and hybrid deployments).
TPRM Impact —
- Compromise of a core collaboration platform can cascade to downstream SaaS tools, ERP, CRM, and document repositories used by third‑party vendors.
- An attacker who gains code execution on SharePoint can harvest intellectual property, inject malicious macros, or pivot to other internal services, raising supply‑chain risk for any organization that outsources collaboration or document‑management functions.
Recommended Actions —
- Deploy Microsoft’s security update for CVE‑2026‑45659 immediately on all SharePoint servers.
- Verify that the patch is applied by checking the installed KB article version (e.g., KB 2026‑xxxx).
- Enforce least‑privilege principles: restrict Site Member permissions and audit privileged accounts.
- Conduct a rapid post‑patch scan for any anomalous activity on SharePoint services.
- Update third‑party risk registers to reflect the newly‑published vulnerability and reassess any vendors that rely on SharePoint for data exchange.
Source: SecurityAffairs – Microsoft SharePoint Has a New RCE Flaw