Critical SharePoint flaw could allow remote code execution, Microsoft issues patches

Microsoft warns of SharePoint vulnerability that could enable remote code execution attacks

Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow authenticated attackers to remotely execute arbitrary code on affected systems. Tracked as CVE-2026-45659, the vulnerability impacts multiple on-premises SharePoint deployments and was disclosed on May 21, 2026.

The flaw originates from the deserialization of untrusted data within Microsoft Office SharePoint. If successfully exploited, it could enable an attacker to execute code remotely on a vulnerable SharePoint server through a network-based attack.

Microsoft has classified the vulnerability as Important severity. While the company currently assesses active exploitation as “less likely,” security experts have highlighted the low complexity of the attack as a significant concern.

One of the most notable aspects of the vulnerability is the minimal level of access required for exploitation. An attacker only needs authenticated access with Site Member-level permissions, meaning administrative privileges are not required to launch an attack.

The vulnerability carries a network-based attack vector and low attack complexity, allowing attackers to potentially exploit the flaw remotely without extensive knowledge of the target environment.

To address the issue, Microsoft has released security updates for all supported affected versions of SharePoint Server:

  • SharePoint Server Subscription Edition – KB5002863 (Build 16.0.19725.20280)
  • SharePoint Server 2019 – KB5002870 (Build 16.0.10417.20128)
  • SharePoint Enterprise Server 2016 – KB5002868 (Build 16.0.5552.1002)
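To verify patch status across several farms, the check below compares each farm's build against the fixed builds listed above. It is an added example, not code from Microsoft or from this article; the host names and sample builds are constructed, and inferring the product line from the third build component is an assumption about SharePoint build numbering.

```python
from typing import NamedTuple, Optional

class Fix(NamedTuple):
    product: str
    kb: str
    fixed: tuple

# Fixed builds and KB numbers as listed in the article above.
FIXES = {
    "SE": Fix("SharePoint Server Subscription Edition", "KB5002863", (16, 0, 19725, 20280)),
    "2019": Fix("SharePoint Server 2019", "KB5002870", (16, 0, 10417, 20128)),
    "2016": Fix("SharePoint Enterprise Server 2016", "KB5002868", (16, 0, 5552, 1002)),
}

def parse_build(text: str) -> tuple:
    """Turn '16.0.10417.20128' into a tuple that compares numerically."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part build, got {text!r}")
    return parts

def product_line(build: tuple) -> Optional[str]:
    # Assumption: all three products report 16.0.x.y and differ in the third
    # component (2016 below 10000, 2019 from 10000, Subscription Edition from 14326).
    if build[:2] != (16, 0):
        return None
    if build[2] >= 14326:
        return "SE"
    return "2019" if build[2] >= 10000 else "2016"

def assess(build_text: str) -> tuple:
    """Return (status, kb) where status is patched, needs-update or not-listed."""
    build = parse_build(build_text)
    line = product_line(build)
    if line is None:
        return ("not-listed", None)  # version not covered by the listed updates
    fix = FIXES[line]
    return ("patched" if build >= fix.fixed else "needs-update", fix.kb)

# Constructed inventory: host -> farm build, e.g. exported from (Get-SPFarm).BuildVersion.
INVENTORY = {"sp-se-01": "16.0.19725.20280", "sp-2019-01": "16.0.10417.20127",
             "sp-2016-01": "16.0.5513.1001", "sp-legacy": "15.0.5000.1000"}

def needs_update(inventory: dict) -> list:
    return sorted(h for h, b in inventory.items() if assess(b)[0] == "needs-update")

if __name__ == "__main__":
    for host, build in INVENTORY.items():
        print(host, build, *assess(build))
```

Hosts reported as not-listed run a version outside the three products named in the advisory and need separate review.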

Microsoft is urging organizations to apply the latest security updates immediately. Security teams are also advised to review site membership permissions, limit Site Member access to trusted users and monitor SharePoint logs for unusual activity or signs of unauthorized code execution.

Additional recommendations include isolating internet-facing SharePoint deployments until patching is verified and implementing Web Application Firewall (WAF) protections capable of detecting malicious deserialization attempts.

Although Microsoft has stated that the vulnerability had not been publicly disclosed prior to the advisory and is not currently known to be under active attack, the low barrier to exploitation increases the likelihood of future abuse once proof-of-concept exploit code becomes available.

Organizations that rely on SharePoint for collaboration, document management and external-facing portals may face elevated risk if remediation is delayed. Security teams are being encouraged to prioritize the updates as part of their next maintenance cycle to reduce exposure.
