Planned Fix

CVE-2026-45659

Remote Code Execution in Microsoft SharePoint Server

Summary

Microsoft SharePoint Server deserializes attacker-controlled data in a server-side request handler (CWE-502). An authenticated attacker holding the required SharePoint permissions can send a crafted network request that reaches the vulnerable deserialization code path and trigger code execution on the server without any user interaction. Successful exploitation compromises the SharePoint host and allows stored content to be read or altered.

Why Planned Fix?

Score: 4/6
  • Authentication required
  • Mixed internet / internal deployment
  • No user interaction needed
  • Exploitable in default configuration
  • No active exploitation or PoC
  • High impact vulnerability

Exploitation Details

Type: RCE (Remote Code Execution)
Is exploitable with default configuration? Yes
Is authentication needed? Yes (domain user)
PoC / Exploit: No
Impact: Execute arbitrary code remotely on the SharePoint server

Exploitation Requirements
  • Authentication required (domain user)
Exploitation Process

The attacker first authenticates to a vulnerable SharePoint site with the required permissions. They then send a crafted request containing malicious serialized data to the SharePoint endpoint that reaches the deserialization code path. If the payload is accepted, SharePoint deserializes the object and executes attacker-controlled code on the server, which can be verified through code execution or a remote callback.

Detection Resources
Manual Detection: 0
Script Detection: 0
Scanner Detection: 0

Affected Software

Vendor: Microsoft

Product                                           Affected Versions
Microsoft SharePoint Enterprise Server 2016       prior to 16.0.5552.1002
Microsoft SharePoint Server 2019                  prior to 16.0.10417.20128
Microsoft SharePoint Server Subscription Edition  prior to 16.0.19725.20280
Description

On-premises collaboration and document management platform used for intranets, team sites, portals, and shared business content.

Deployment: Mixed (internet/internal) | Protocol: HTTPS | Ports: 443, 80
Affected Component: Server-side deserialization logic in SharePoint request processing.

Vendor Size: Big
Remediation
Workaround

Not available

Patch

Not available

Update
Install the May 12, 2026 SharePoint security updates for your release line: KB5002868 for SharePoint Server 2016 (build 16.0.5552.1002), KB5002870 for SharePoint Server 2019 (build 16.0.10417.20128), or KB5002863 for SharePoint Server Subscription Edition (build 16.0.19725.20280).


support.microsoft.com
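As an added example (not code from this page or from Microsoft), the following PowerShell check, run from the SharePoint Management Shell on a farm server, compares the farm's build against the three fixed builds listed in the Update section above. The build-number ranges used to tell the release lines apart and the helper names Get-SharePointReleaseLine and Test-CVE202645659Patched are assumptions made for this example.

```powershell
# Added example: is this farm at or above the May 12, 2026 fixed build?
# Not code from this page or from Microsoft. Run in the SharePoint Management
# Shell (or after loading the snap-in) on a server joined to the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Fixed builds per release line, taken from the Affected Software / Update sections.
$FixedBuilds = @{
    'SharePoint Server 2016'                 = [Version]'16.0.5552.1002'
    'SharePoint Server 2019'                 = [Version]'16.0.10417.20128'
    'SharePoint Server Subscription Edition' = [Version]'16.0.19725.20280'
}

function Get-SharePointReleaseLine {
    param([Parameter(Mandatory)][Version]$Build)
    # All three lines share major.minor 16.0; the third component tells them apart.
    # These ranges are an assumption of this example (2016 = 16.0.4xxx-5xxx,
    # 2019 = 16.0.10xxx, Subscription Edition = 16.0.14xxx and later).
    if ($Build.Build -lt 10000)     { 'SharePoint Server 2016' }
    elseif ($Build.Build -lt 14000) { 'SharePoint Server 2019' }
    else                            { 'SharePoint Server Subscription Edition' }
}

function Test-CVE202645659Patched {
    # Hypothetical helper name. Defaults to the live farm build; pass -Build to
    # evaluate a version string collected elsewhere (e.g. from an inventory export).
    param([Version]$Build = (Get-SPFarm).BuildVersion)

    $line  = Get-SharePointReleaseLine -Build $Build
    $fixed = $FixedBuilds[$line]
    [pscustomobject]@{
        ReleaseLine = $line
        FarmBuild   = $Build.ToString()
        FixedBuild  = $fixed.ToString()
        Patched     = ($Build -ge $fixed)   # System.Version compares component-wise
    }
}

# Live farm check:
Test-CVE202645659Patched | Format-List

# Offline check against a constructed build string (sample input, not real data):
Test-CVE202645659Patched -Build '16.0.10417.20100' | Format-List
```

SPFarm.BuildVersion reflects the configuration database and only advances once the Products Configuration Wizard (psconfig) has been run after the update is installed, so a farm with patched binaries but a pending psconfig can still report the old build. Cross-check each server with Get-SPProduct -Local, which reports the per-server patch state, before treating a farm as remediated.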
Threat Intelligence
EPSS Score: 0.5% (probability of exploitation in the next 30 days)
EPSS Percentile: 66% (worse than 66% of all CVEs)

CISA KEV: Not Listed
Active Exploitation: No Evidence
Threat Actors

No known threat actors

Detection Rules

No detection rules available

NVD Data


Description Summary

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS Base Score: 8.8 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): Low
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High
CWE: CWE-502 Deserialization of Untrusted Data