Alerts
High-Severity Vulnerability in Microsoft Sharepoint
29 May 2026
Microsoft has released security updates addressing a remote code execution vulnerability in SharePoint. Users and administrators of affected products are advised to update to the latest versions immediately.
Background
Microsoft has released security updates addressing a remote code execution vulnerability (CVE-2026-45659) in SharePoint. This vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 8.8 out of 10.
Impact
Successful exploitation of this vulnerability may allow a remote authenticated attacker with low privileges to send crafted serialised payloads to a vulnerable SharePoint server, resulting in remote code execution over the network. This may lead to unauthorised access to sensitive information, execution of arbitrary commands, privilege escalation and system compromise.
Affected Products
This vulnerability affects the following Microsoft SharePoint products:
SharePoint Server Subscription Edition, build number earlier than 16.0.19725.20280
SharePoint Server 2019, build number earlier than 16.0.10417.20128
SharePoint Server 2016, build number earlier than 16.0.5552.1002
Recommendations
Users and administrators of affected products are advised to update to the latest versions immediately.
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659
https://nvd.nist.gov/vuln/detail/CVE-2026-45659
https://thehackernews.com/2026/05/microsoft-patches-sharepoint-rce-flaw.html
https://www.helpnetsecurity.com/2026/05/26/sharepoint-vulnerability-cve-2026-45659