Vulnerability-Lookup

CVE-2026-45659 (GCVE-0-2026-45659)

Vulnerability from cvelistv5 – Published: 2026-05-22 22:04 – Updated: 2026-05-22 22:04

Title

Microsoft SharePoint Remote Code Execution Vulnerability

Summary

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5552.1002 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10417.20128 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.19725.20280 (custom)

Date Public ?

2026-05-21 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5552.1002",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20128",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.19725.20280",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5552.1002",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10417.20128",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.19725.20280",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-05-21T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T22:04:33.517Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659"
        }
      ],
      "title": "Microsoft SharePoint Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-45659",
    "datePublished": "2026-05-22T22:04:33.517Z",
    "dateReserved": "2026-05-12T20:33:35.158Z",
    "dateUpdated": "2026-05-22T22:04:33.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-45659",
      "date": "2026-05-25",
      "epss": "0.00503",
      "percentile": "0.66294"
    }
  }
}

CERTFR-2026-AVI-0634

Vulnerability from certfr_avis - Published: 2026-05-22 - Updated: 2026-05-22

Une vulnérabilité a été découverte dans les produits Microsoft. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5552.1002
Microsoft	N/A	Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20128
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20280

References

Title

Publication Time

MSRC_CVE-2026-45659

Vulnerability from csaf_microsoft - Published: 2026-05-12 07:00 - Updated: 2026-05-21 07:00

Summary

Microsoft SharePoint Remote Code Execution Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-45659

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Microsoft SharePoint Enterprise Server 2016 16.0.5552.1002 Microsoft SharePoint Enterprise Server 2016		16.0.5552.1002
Microsoft SharePoint Server 2019 16.0.10417.20128 Microsoft SharePoint Server 2019		16.0.10417.20128
Microsoft SharePoint Server Subscription Edition 16.0.19725.20280 Microsoft SharePoint Server Subscription Edition		16.0.19725.20280

Known affected 3 products

Product	Version	Remediation
Microsoft SharePoint Server Subscription Edition <16.0.19725.20280 Microsoft SharePoint Server Subscription Edition	<16.0.19725.20280	Vendor Fix fix
Microsoft SharePoint Server 2019 <16.0.10417.20128 Microsoft SharePoint Server 2019	<16.0.10417.20128	Vendor Fix fix
Microsoft SharePoint Enterprise Server 2016 <16.0.5552.1002 Microsoft SharePoint Enterprise Server 2016	<16.0.5552.1002	Vendor Fix fix

Threats

Impact Remote Code Execution

Exploit Status Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

Acknowledgments

MEOW

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "MEOW"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659"
      },
      {
        "category": "self",
        "summary": "CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-45659.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft SharePoint Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2026-05-21T07:00:00.000Z",
      "generator": {
        "date": "2026-05-22T01:25:44.579Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-45659",
      "initial_release_date": "2026-05-12T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-21T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5552.1002",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 \u003c16.0.5552.1002",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5552.1002",
            "product": {
              "name": "Microsoft SharePoint Enterprise Server 2016 16.0.5552.1002",
              "product_id": "10950"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Enterprise Server 2016"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.10417.20128",
            "product": {
              "name": "Microsoft SharePoint Server 2019 \u003c16.0.10417.20128",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.10417.20128",
            "product": {
              "name": "Microsoft SharePoint Server 2019 16.0.10417.20128",
              "product_id": "11585"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server 2019"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.19725.20280",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition \u003c16.0.19725.20280",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.19725.20280",
            "product": {
              "name": "Microsoft SharePoint Server Subscription Edition 16.0.19725.20280",
              "product_id": "11961"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SharePoint Server Subscription Edition"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-45659",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.",
          "title": "I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?"
        },
        {
          "category": "faq",
          "text": "Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.",
          "title": "According to the CVSS metric, privileges required is low (PR:L).  What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.",
          "title": "How could an attacker exploit the vulnerability?"
        },
        {
          "category": "faq",
          "text": "The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.",
          "title": "According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "10950",
          "11585",
          "11961"
        ],
        "known_affected": [
          "1",
          "2",
          "3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659"
        },
        {
          "category": "self",
          "summary": "CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-45659.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-21T07:00:00.000Z",
          "details": "16.0.5552.1002:Security Update:https://support.microsoft.com/help/5002868",
          "product_ids": [
            "3"
          ],
          "url": "https://support.microsoft.com/help/5002868"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T07:00:00.000Z",
          "details": "16.0.10417.20128:Security Update:https://support.microsoft.com/help/5002870",
          "product_ids": [
            "2"
          ],
          "url": "https://support.microsoft.com/help/5002870"
        },
        {
          "category": "vendor_fix",
          "date": "2026-05-21T07:00:00.000Z",
          "details": "16.0.19725.20280:Security Update:https://support.microsoft.com/help/5002863",
          "product_ids": [
            "1"
          ],
          "url": "https://support.microsoft.com/help/5002863"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.7,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft SharePoint Remote Code Execution Vulnerability"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-45659 (GCVE-0-2026-45659)

CERTFR-2026-AVI-0634

Solutions

MSRC_CVE-2026-45659

Tags

Sightings

Nomenclature