Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.

AndyC 27 May 2026

Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.

Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.

Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.

Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.

Pierluigi Paganini
May 27, 2026

A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort.

Microsoft released security updates to patch a high-severity SharePoint vulnerability, tracked as CVE-2026-45659 (CVSS score of 8.8), that could allow remote code execution. The flaw does not require complex conditions for exploitation, making it a serious risk for unpatched systems. Organizations using Microsoft SharePoint should apply the updates as soon as possible.

The root cause is deserialization of untrusted data.

“Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.” reads the advisory. “In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.”

Deserialization of untrusted data is a security vulnerability that happens when an application accepts and processes serialized data from an untrusted source without proper validation. An attacker can craft a payload that runs code on the server. In this case, all it takes is network access and a low-privilege SharePoint account.

The vulnerability was discovered and reported by a researcher using the moniker MEOW. Patches are available for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. If you’re running any of these, the update is out and there’s no good reason to wait.

Apply the fix now, not after the next Patch Tuesday retrospective.

Microsoft says exploitation is less likely for this particular flaw, but that assessment deserves some skepticism. SharePoint has a long and well-documented history of being targeted. In April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft SharePoint Server flaw CVE-2026-32201 to its Known Exploited Vulnerabilities (KEV) catalog.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft SharePoint, remote code execution)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , ,

What do you feel about this?

More Stories

How cybersecurity firms took down Glassworm botnet in one shot

How cybersecurity firms took down Glassworm botnet in one shot

AndyC 27 May 2026
Dutch Government just said no to an American firm buying the keys to their digital State

Dutch Government just said no to an American firm buying the keys to their digital State

AndyC 27 May 2026
Identity for the Machine Age: A CISO’s Framework for Agentic AI Governance (2026 Edition)

Identity for the Machine Age: A CISO’s Framework for Agentic AI Governance (2026 Edition)

AndyC 27 May 2026
The Hidden Ransomware Economy Running on Exposed Databases

The Hidden Ransomware Economy Running on Exposed Databases

AndyC 27 May 2026
ECB warns banks of new AI risks

FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts – no password required

AndyC 27 May 2026
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

AndyC 27 May 2026

You may have missed

How cybersecurity firms took down Glassworm botnet in one shot

How cybersecurity firms took down Glassworm botnet in one shot

AndyC 27 May 2026
Dutch Government just said no to an American firm buying the keys to their digital State

Dutch Government just said no to an American firm buying the keys to their digital State

AndyC 27 May 2026
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.

Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.

AndyC 27 May 2026
Total Android recall: Never lose an important notification again

Apple’s iPhone satellite ambition goes beyond rescuing hikers

AndyC 27 May 2026
The big winner in Elon Musk’s suit against OpenAI and Microsoft — hypocrisy

The AI tech job slaughter gets real

AndyC 27 May 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.