Cyber Resilience

CVE-2026-45659

HighCISA KEVActive ExploitationRCEUpdated

Published: 22 May 2026

Published
22 May 2026
Modified
02 July 2026
KEV Added
01 July 2026
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0322 86.7th percentile
Risk Priority 100 floored blend · peak EPSS

Summary

CVE-2026-45659 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).

Deeper analysis

The vulnerability CVE-2026-45659 stems from deserialization of untrusted data, tracked under CWE-502, in Microsoft Office SharePoint. It received a CVSS 3.1 base score of 8.8 reflecting network attack vector, low attack complexity, and low privileges required, with impacts rated high for confidentiality, integrity, and availability.

An authorized attacker with network access can supply malicious serialized data to trigger remote code execution on the affected SharePoint instance, without needing user interaction.

Microsoft has published an advisory with further details at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659. The associated EPSS score has remained flat at 0.0115 from disclosure onward, indicating no material rise in observed exploitation interest.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CWE(s)
KEV Date Added
01 July 2026

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Deserialization RCE in internet-facing SharePoint server directly enables remote exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33110Same product: Microsoft Sharepoint Server
CVE-2025-53770Same product: Microsoft Sharepoint Server
CVE-2026-35439Same product: Microsoft Sharepoint Server
CVE-2025-54897Same product: Microsoft Sharepoint Server
CVE-2025-49712Same product: Microsoft Sharepoint Server
CVE-2026-33112Same product: Microsoft Sharepoint Server
CVE-2026-40357Same product: Microsoft Sharepoint Server
CVE-2026-20963Same product: Microsoft Sharepoint Server
CVE-2026-26114Same product: Microsoft Sharepoint Server
CVE-2025-59237Same product: Microsoft Sharepoint Server

Affected Assets

microsoft
sharepoint server
2016, 2019 · ≤ 16.0.19725.20280

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly blocks the malicious serialized payload from being processed by enforcing validation of untrusted data before deserialization occurs in SharePoint.

detect

Detects unauthorized modification of SharePoint software or information integrity resulting from successful deserialization-based code execution.

preventdetect

Provides malicious-code scanning and sandboxing that can intercept or alert on code introduced via the deserialization flaw.

References