CVE-2026-45659

HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 5/22/2026Modified: 5/27/2026

Related Intelligence (2)

LOWVulnerability

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity. "Deserialization of untrusted data in Microsoft Office SharePoint allows

CVE-2026-45659

May 26, 2026The Hacker News

HIGHVulnerability

NVD HIGH: CVE-2026-45659 — Deserialization of untrusted data in Microsoft Office SharePoint allows an autho...

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-45659

May 22, 2026NIST NVD

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659Vendor Advisory