Microsoft has patched a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint, where an authenticated attacker can exploit insecure deserialization of untrusted data to execute arbitrary code without user interaction. The vulnerability affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Organizations should apply the relevant security updates released by Microsoft immediately.
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from Shareoint deserializing untrusted data, and may be exploited by an authenticated attacker to execute code remotely on a vulnerable SharePoint Server instance – no user interaction required. “The attack complexity is Low (AC:L) because … More → The post High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) appeared first on Help Net Security .