CVE-2026-45659
Published: 22 May 2026
Summary
CVE-2026-45659 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).
Deeper analysis
The vulnerability CVE-2026-45659 stems from deserialization of untrusted data, tracked under CWE-502, in Microsoft Office SharePoint. It received a CVSS 3.1 base score of 8.8 reflecting network attack vector, low attack complexity, and low privileges required, with impacts rated high for confidentiality, integrity, and availability.
An authorized attacker with network access can supply malicious serialized data to trigger remote code execution on the affected SharePoint instance, without needing user interaction.
Microsoft has published an advisory with further details at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659. The associated EPSS score has remained flat at 0.0115 from disclosure onward, indicating no material rise in observed exploitation interest.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31518
Vulnerability details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CWE(s)
- KEV Date Added
- 01 July 2026
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Deserialization RCE in internet-facing SharePoint server directly enables remote exploitation of a public-facing application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly blocks the malicious serialized payload from being processed by enforcing validation of untrusted data before deserialization occurs in SharePoint.
Detects unauthorized modification of SharePoint software or information integrity resulting from successful deserialization-based code execution.
Provides malicious-code scanning and sandboxing that can intercept or alert on code introduced via the deserialization flaw.