PatchSiren cyber security CVE debrief
CVE-2026-45659 Microsoft CVE debrief
A deserialization vulnerability in Microsoft Office SharePoint enables authenticated remote code execution. The flaw stems from improper handling of untrusted data during deserialization operations, allowing an attacker with valid credentials to execute arbitrary code over the network. Microsoft has assigned this a HIGH severity rating with a CVSS 3.1 score of 8.8. The vulnerability was published to the CVE Program on May 22, 2026, with the NVD record subsequently modified on May 26, 2026. As of the modified date, the NVD entry remains 'Undergoing Analysis'. No known exploitation in ransomware campaigns has been documented, and the vulnerability has not been added to CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Microsoft
- Product
- Microsoft SharePoint Enterprise Server 2016
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-22
- Original CVE updated
- 2026-05-27
- Advisory published
- 2026-05-22
- Advisory updated
- 2026-05-27
Who should care
Organizations running Microsoft Office SharePoint Server should prioritize this vulnerability due to the HIGH severity score and the potential for complete system compromise. Security teams should coordinate with SharePoint administrators to ensure timely patching once Microsoft releases updates. Incident response teams should monitor for indicators of compromise related to deserialization attacks against SharePoint endpoints.
Technical summary
This vulnerability exists in Microsoft Office SharePoint's handling of deserialized data. An attacker with valid authentication credentials can submit malicious serialized objects that, when deserialized by the SharePoint server, result in arbitrary code execution. The attack vector is network-based, requires low attack complexity, and does not require user interaction. The confidentiality, integrity, and availability impacts are all rated HIGH. The underlying weakness is CWE-502: Deserialization of Untrusted Data.
Defensive priority
HIGH
Recommended defensive actions
- Apply security updates from Microsoft as detailed in the MSRC security update guide once available
- Review SharePoint instance configurations to restrict deserialization of untrusted data where possible
- Monitor for anomalous authentication patterns and deserialization-related errors in SharePoint logs
- Validate that SharePoint deployments follow Microsoft's security hardening guidance for deserialization controls
Evidence notes
The vulnerability description and CVSS scoring are sourced from the official CVE record and NVD entry. The weakness classification of CWE-502 (Deserialization of Untrusted Data) is attributed to [email protected]. Vendor identification is based on reference domain analysis with low confidence, requiring review.
Official resources
-
CVE-2026-45659 CVE record
CVE.org
-
CVE-2026-45659 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
The CVE record was published on May 22, 2026, and last modified on May 26, 2026. The NVD entry is currently undergoing analysis.