288/69 Wednesday, May 27, 2026
Microsoft has released security updates to address a Remote Code Execution (RCE) vulnerability in Microsoft SharePoint Server tracked as CVE-2026-45659. The vulnerability has a CVSS severity score of 8.8 and is caused by the deserialization of untrusted data within SharePoint Server.
The vulnerability could allow an authenticated attacker with minimal privileges, specifically Site Member-level access, to execute arbitrary code remotely on a SharePoint Server over the network. The attacker does not require administrator or elevated privileges to exploit the flaw. Microsoft has released security patches for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.
Organizations using on-premises SharePoint Server deployments are strongly advised to verify their current versions and install the latest security updates from Microsoft as soon as possible. In addition, organizations should enforce the principle of least privilege for user accounts, review accounts with Site Member permissions or higher, and closely monitor SharePoint Server environments for suspicious activity. Although Microsoft currently assesses the likelihood of exploitation as low, administrators should still prioritize patching because SharePoint is widely used for storing and sharing sensitive organizational data.
Source http://thehackernews.com/2026/05/microsoft-patches-sharepoint-rce-flaw.html