Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft released patches today for CVE-2026-45659, a remote code execution vulnerability affecting SharePoint Server across multiple versions. The flaw scores 8.8 on the CVSS scale and requires no preconditions for exploitation.

The vulnerability stems from insecure deserialization of untrusted data in SharePoint. Attackers can craft malicious payloads and execute arbitrary code on affected systems without authentication or user interaction. This attack surface makes the flaw particularly dangerous in enterprise environments where SharePoint instances often handle sensitive organizational data.

Microsoft classified the vulnerability as important severity. The company provided patches across SharePoint Server versions, though specific version numbers were not detailed in available information. Organizations running SharePoint infrastructure should treat this as a priority patch.

SharePoint remains a common target for threat actors because it frequently stores business-critical documents, collaboration data, and credentials. A successful RCE exploit grants attackers full control over the affected server, enabling data theft, lateral movement into networks, and installation of persistent backdoors.

The deserialization attack vector has proven effective against Microsoft products before. Unlike injection attacks requiring specific application logic, deserialization flaws trigger automatically when applications process untrusted input containing serialized objects. Attackers exploit this by crafting specially formatted data that, when deserialized, executes embedded malicious code.

Administrators managing SharePoint deployments should apply patches immediately. Organizations should identify all SharePoint instances in their environment and prioritize those exposing external-facing web applications. Network segmentation limiting SharePoint server communications to trusted systems reduces risk while patches roll out.

Monitoring for exploitation attempts targeting SharePoint should focus on unusual network activity from the SharePoint process, unexpected code execution, and authentication patterns suggesting post-compromise behavior. Security tools capable of detecting deserialization attacks provide additional detection capability.