CVE-2026-45659

Confirmed · PUBLISHED

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft · Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition
Exploited in the wild · PoC available

Confidence: Confirmed
Exploitation Status: Exploited in the wild
Observed in Sensors: No
Attempts (30d)
Unique Attacker IPs
CISA KEV: In CISA KEV
CVSS / EPSS: 8.8 High · EPSS 2.8%

At a Glance

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

microsoft · cisa
CVE Published: May 22, 2026
Exploitation Reported: Jul 01, 2026
CVSS: 8.8 High
EPSS: 2.8%
Remote · Low complexity · No user interaction

Affected Versions

| Vendor | Product | Version | Status | Source |
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | 16.0.0 to < 16.0.5552.1002 | Affected | CNA |
| Microsoft | Microsoft SharePoint Server 2019 | 16.0.0 to < 16.0.10417.20128 | Affected | CNA |
| Microsoft | Microsoft SharePoint Server Subscription Edition | 16.0.0 to < 16.0.19725.20280 | Affected | CNA |

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling out remediation validation.