HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical RCE in Microsoft SharePoint (CVE-2026-45659) Threatens Enterprise Collaboration Platforms

A high‑severity remote‑code‑execution flaw (CVE‑2026‑45659) in Microsoft SharePoint Server allows attackers with low‑privilege accounts to execute arbitrary code. The vulnerability impacts SharePoint Server 2016, 2019, and Subscription Edition, posing a supply‑chain risk for organizations that rely on SharePoint for collaboration and document management.

LiveThreat™ Intelligence · 📅 May 27, 2026· 📰 securityaffairs.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
securityaffairs.com

Critical RCE in Microsoft SharePoint (CVE‑2026‑45659) Threatens Enterprise Collaboration Platforms

What It Is — A critical remote‑code‑execution (RCE) flaw (CVE‑2026‑45659) in Microsoft SharePoint Server allows an authenticated attacker with merely Site Member permissions to execute arbitrary code on the SharePoint server via deserialization of untrusted data.

Exploitability — The vulnerability scores 8.8 CVSS v3.1 (high severity) and can be weaponised with minimal effort; proof‑of‑concept code is publicly available, and Microsoft’s own advisory notes that exploitation is plausible in the wild.

Affected Products — SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016 (both on‑premises and hybrid deployments).

TPRM Impact

  • Compromise of a core collaboration platform can cascade to downstream SaaS tools, ERP, CRM, and document repositories used by third‑party vendors.
  • An attacker who gains code execution on SharePoint can harvest intellectual property, inject malicious macros, or pivot to other internal services, raising supply‑chain risk for any organization that outsources collaboration or document‑management functions.

Recommended Actions

  • Deploy Microsoft’s security update for CVE‑2026‑45659 immediately on all SharePoint servers.
  • Verify that the patch is applied by checking the installed KB article version (e.g., KB 2026‑xxxx).
  • Enforce least‑privilege principles: restrict Site Member permissions and audit privileged accounts.
  • Conduct a rapid post‑patch scan for any anomalous activity on SharePoint services.
  • Update third‑party risk registers to reflect the newly‑published vulnerability and reassess any vendors that rely on SharePoint for data exchange.

Source: SecurityAffairs – Microsoft SharePoint Has a New RCE Flaw

📰 Original Source
https://securityaffairs.com/192730/security/microsoft-sharepoint-has-a-new-rce-flaw-if-you-havent-patched-yet-go-do-that.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →