
Microsoft has released an update that fixes a remote code execution vulnerability in SharePoint. An attacker could exploit the vulnerability without any special conditions being met.
This vulnerability is tracked as CVE-2026-45659 and has a CVSS score of 8.8. It has been assigned a severity of critical.
“Untrusted data deserialization in Microsoft Office SharePoint could allow an authorized attacker to execute code on the network,” Microsoft said in an advisory released last week.
Microsoft says the vulnerability could be triggered by an authenticated attacker and does not require administrator or other elevated privileges.
“A network-based attack could allow an authenticated attacker with least site member privileges (PR:L) to remotely execute code on SharePoint Server,” the Windows maker added.
Microsoft has acknowledged that a researcher named MEOW discovered and reported the flaw. The following version updates have been released –
Last month, Microsoft released a fix for a spoofing vulnerability affecting Microsoft SharePoint Server (CVE-2026-32201, CVSS score: 6.5) and announced that the vulnerability was being exploited in the wild.
While the tech giant says CVE-2026-45659 is unlikely to be exploited, it is imperative that users apply the necessary fixes, especially given that several flaws in the collaboration platform have been repeatedly weaponized by attackers over the years.
