Microsoft patches SharePoint flaw that could let authenticated attackers run code

Microsoft has issued security updates for a SharePoint remote code execution flaw tracked as CVE-2026-45659, warning that an authenticated attacker with at least Site Member permissions could exploit it over a network. The issue carries a CVSS score of 8.8 and affects several SharePoint Server versions.

KEY FACTS

  • Severity: The flaw is rated important and has a CVSS score of 8.8.
  • Attack path: It involves deserialization of untrusted data in Microsoft Office SharePoint.
  • Access needed: Microsoft said an authenticated attacker with Site Member permissions could trigger it.
  • Fixed versions: Patches are out for SharePoint Server Subscription Edition, SharePoint Server 2019 and SharePoint Enterprise Server 2016.
  • Research credit: Microsoft said a researcher named MEOW reported the issue.

The disclosure said the flaw does not require administrator or other elevated privileges. Microsoft said the vulnerability could be triggered by any authenticated attacker, but it did not say whether it had seen active exploitation.

The company also patched a separate SharePoint spoofing flaw, CVE-2026-32201, last month after reporting that it had been exploited in the wild. The report noted that several flaws in the collaboration platform have been weaponized by attackers over the years.

Updates are available for SharePoint Server Subscription Edition, SharePoint Server 2019 and SharePoint Enterprise Server 2016. Microsoft said the issue is less likely to be exploited, but urged users to install the fixes for protection.

WHY IT MATTERS

SharePoint is widely used in corporate environments, so even a vulnerability that needs authentication can still pose risk if an attacker gains access to an account. Applying the patches reduces exposure to remote code execution on affected servers.