Microsoft fixes SharePoint deserialization RCE

Microsoft patched CVE-2026-45659, a SharePoint deserialization flaw (CVSS 8.8) that allows authenticated Site Members to execute code remotely on several SharePoint Server versions.

Microsoft released updates last week to address CVE-2026-45659, a deserialization vulnerability in SharePoint rated CVSS 8.8. The flaw allows authenticated users with Site Member permissions to execute code remotely on affected on-premises installations, including SharePoint Server Subscription Edition, SharePoint Server 2019 and SharePoint Enterprise Server 2016.

The company classified the issue as Important and wrote in its advisory, “Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.” The advisory also describes a network-based attack in which “an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.”

Microsoft credited a researcher using the handle MEOW for reporting the bug and released patches for the listed server versions. Administrators who manage on-premises SharePoint servers are asked to apply the updates to close the vulnerability.

The advisory notes the vulnerability can be triggered by any authenticated attacker and does not require administrator or other elevated privileges. The company added that CVE-2026-45659 is less likely to be exploited than some recent flaws, but applying the updates reduces exposure.

The update follows fixes issued last month for CVE-2026-32201, a SharePoint spoofing vulnerability rated CVSS 6.5 that Microsoft reported had been exploited in the wild. SharePoint has been targeted in multiple incidents where platform flaws were weaponized.

Deserialization vulnerabilities occur when an application accepts serialized data from an untrusted source and converts it back into program objects. A crafted payload can cause the application to run unexpected code or perform other unintended actions. Because the SharePoint flaw requires only basic authenticated access, an attacker could attempt exploitation using a compromised user account or a weak service account.
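The mechanism described above, shown as an added illustration that is not code from Microsoft's advisory or from SharePoint: it uses Python's pickle module as a stand-in serializer, since the article does not identify the SharePoint component involved. The names AllowListUnpickler and safe_loads, the allow-list and the sample record are assumptions constructed for the example, and the function the crafted payload names is deliberately harmless.

```python
import datetime
import io
import pickle
import platform

# Types a stored record is allowed to contain (assumed for this example).
ALLOWED_GLOBALS = {("datetime", "date")}


class AllowListUnpickler(pickle.Unpickler):
    """Resolve only allow-listed names; anything else is rejected before it is called."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data: bytes):
    """Deserialize untrusted bytes with the allow-list applied."""
    return AllowListUnpickler(io.BytesIO(data)).load()


class _CallsFunctionOnLoad:
    """Constructed stand-in for a crafted payload: its serialized form names a
    callable for the deserializer to invoke (here a harmless version lookup)."""

    def __reduce__(self):
        return (platform.python_version, ())


def demo():
    # Constructed sample inputs: one ordinary record, one crafted object.
    legit = pickle.dumps({"title": "Q3 plan", "due": datetime.date(2026, 1, 15)})
    crafted = pickle.dumps(_CallsFunctionOnLoad())
    results = {}
    # Unrestricted loader: the incoming data decides which function runs.
    results["unsafe_crafted"] = pickle.loads(crafted)
    results["safe_legit"] = safe_loads(legit)
    try:
        safe_loads(crafted)
        results["safe_crafted"] = "loaded"
    except pickle.UnpicklingError as exc:
        results["safe_crafted"] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The unrestricted loader returns the result of a function call chosen by the data, while the allow-list loader still reads the ordinary record and refuses the crafted one.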

Organizations running the affected SharePoint Server editions should review Microsoft’s advisory and apply the available patches promptly to protect servers that host collaborative content and services.
