Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3089 articles · 170329 vulns · 37/41 feeds (7d)
← Back to list
8.8
CVE-2026-45659KEVEXPLOITEDPATCHED
microsoft · sharepoint_server

Microsoft SharePoint Remote Code Execution Vulnerability

Description

The flaw is tracked as CVE-2026-45659 (CVSS score of 8.8) and was patched in late May, via an out-of-band security update. According to Microsoft, the vulnerability can be triggered by an authenticated attacker who has a minimum of Site Member permissions, without other elevated privileges. The tech giant also warned that the security defect is easy to exploit, “because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.”

Affected Products

VendorProductVersions
microsoftsharepoint_server16.0.0, 16.0.0, 16.0.0, SharePoint Enterprise Server 2016, SharePoint Server 2019, SharePoint Server Subscription Edition, 16.0.5552.1002, 16.0.10417.20128, 16.0.19725.20280

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659(vendor-advisory, patch)

Related News (11 articles)

Tier B
CCCS Canada1d ago
AL26-015 - Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-45659
→ No new info (linked only)
Tier D
BleepingComputer1d ago
CISA: Microsoft SharePoint RCE flaw now actively exploited
→ No new info (linked only)
Tier D
SecurityWeek1d ago
CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability
→ No new info (linked only)
Tier D
The Hacker News1d ago
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
→ No new info (linked only)
Tier D
Help Net Security28d ago
June 2026 Patch Tuesday forecast: Where are the CVEs?
→ No new info (linked only)
Tier A
Microsoft MSRC38d ago
CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability
→ No new info (linked only)
Tier D
The Hacker News38d ago
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
→ No new info (linked only)
Tier D
Help Net Security38d ago
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
→ No new info (linked only)
Tier C
VulDB41d ago
CVE-2026-45659 | Microsoft SharePoint Enterprise Server deserialization
→ No new info (linked only)
Tier B
BSI Advisories42d ago
[NEU] [hoch] Microsoft SharePoint Server 2016 und SharePoint Server 2019: Schwachstelle ermöglicht Codeausführung
→ No new info (linked only)
Tier B
CERT-FR42d ago
Vulnérabilité dans les produits Microsoft (22 mai 2026)
→ No new info (linked only)
CVSS 3.18.8 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA KEV✅ Yes
Actively exploited✅ Yes
Patch available
16.0.5552.1002
CWECWE-502, CWE- deserialization of untrusted data
PublishedMay 22, 2026
Last enriched1d agov7
Tags
CISA KEVCVE-2026-45659
Trending Score131🔥
Source articles11
Independent9
Info Completeness11/14
Missing: epss, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-33825EXPKEV
Microsoft Defender Elevation of Privilege Vulnerability
Trending: 135
HIGHCVE-2026-50521EXP
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Trending: 54
CRITICALCVE-2026-45499
Azure OpenAI Elevation of Privilege Vulnerability
Trending: 44
CRITICALCVE-2026-26145
Microsoft Azure Synapse Elevation of Privilege Vulnerability
Trending: 44
CRITICALCVE-2026-54998
Microsoft Exchange Online Elevation of Privilege Vulnerability
Trending: 44

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
May 22, 2026
Added to CISA KEV
May 22, 2026
Discovered by ZDM
May 22, 2026
Updated: description, severity
May 23, 2026
Updated: affectedVersions
May 26, 2026
Actively Exploited
Jul 2, 2026
Exploit Available
Jul 2, 2026
Patch Available
Jul 2, 2026
Updated: exploitAvailable, tags
Jul 2, 2026
Updated: description, affectedVersions
Jul 2, 2026
Updated: description, cweIds, patchAvailable, tags
Jul 2, 2026
Updated: affectedVersions, patchAvailable
Jul 2, 2026

Version History

v7
Last enriched 1d ago
v7Tier B1d ago

Updated affected versions with specific fixed version numbers and added CISA KEV tag.

affectedVersionspatchAvailable
via CCCS Canada
v6Tier D1d ago

Updated description with technical details, added CVE-2026-45659 to tags, and noted the patch was released in late May.

descriptioncweIdspatchAvailabletags
via SecurityWeek
v5Tier D1d ago

Updated description with more technical detail, added affected versions, and confirmed severity and CVSS score.

descriptionaffectedVersions
via BleepingComputer
v4Tier D1d ago

Updated exploit availability to true, added CISA KEV tag, and confirmed CVSS score as 8.8.

exploitAvailabletags
via The Hacker News
v3Tier D38d ago

Updated description with technical details, added affected versions, changed severity to HIGH, updated CVSS estimate to 7.5, and marked exploit as available and actively exploited.

affectedVersions
via Help Net Security
v2Tier C41d ago

Updated severity to CRITICAL, changed description to include new details, and noted that no exploit is available.

descriptionseverity
via VulDB
v141d ago

Initial creation