CVE-2026-45659: Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

Summary

Microsoft SharePoint Server has a deserialization of untrusted data vulnerability that allows an authorized attacker to execute code remotely. Users are advised to apply mitigations provided by Microsoft and adhere to CISA's guidance on prioritizing security updates.

IFF Assessment

FOE

This vulnerability allows for remote code execution, posing a significant threat to systems that are not properly patched.

Severity

8.8 High

The vulnerability allows for remote code execution (RCE) over a network, impacting confidentiality, integrity, and availability. Given the severe impact and likelihood of exploitation for such a flaw in a widely used server product, a high CVSS score is estimated.

CISA KEV: Listed as actively exploited. Federal patch due: July 04, 2026. Known ransomware use: Unknown.

Defender Context

This CVE highlights a critical vulnerability in Microsoft SharePoint Server that enables remote code execution. Defenders must prioritize applying vendor-provided mitigations and adhere to CISA's directives for timely patching to prevent potential exploitation.
