Critical SharePoint Server Vulnerability (CVE-2026-45659) Exposes Organizations to Remote Code Execution
On May 21, 2026, Microsoft disclosed a critical security flaw in SharePoint Server (CVE-2026-45659) that allows authenticated attackers to execute arbitrary code remotely. The vulnerability affects multiple on-premises SharePoint versions, posing a significant risk to organizations using the platform for collaboration and document management.
The flaw stems from improper deserialization of untrusted data in Microsoft Office SharePoint, enabling network-based attackers to exploit it with low complexity. Notably, any authenticated user with Site Member-level permissions can trigger the vulnerability; administrative access is not required. Microsoft rated the flaw as Important severity, assessing exploitation as "Less Likely" but warning that its low barrier to entry makes it a serious threat.
Affected versions include:
- SharePoint Server Subscription Edition (KB 5002863, build 16.0.19725.20280)
- SharePoint Server 2019 (KB 5002870, build 16.0.10417.20128)
- SharePoint Enterprise Server 2016 (KB 5002868, build 16.0.5552.1002)
Microsoft has released patches for all impacted versions. While no active exploitation has been reported, the vulnerability’s network-accessible attack surface and low complexity increase the risk of future exploitation once proof-of-concept code emerges. Organizations are advised to apply updates immediately, audit user permissions, monitor logs for suspicious activity, and isolate internet-facing instances until patches are deployed.
Source: https://cybersecuritynews.com/sharepoint-server-rce-vulnerability/
"id": "MIC1779805440",
"linkid": "microsoft_sharepoint",
"type": "Vulnerability",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"