Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
The Hacker News • • technology
Key Points:
- Microsoft has released updates to address a remote code execution vulnerability (CVE-2026-45659) in SharePoint that can be exploited by authenticated attackers without requiring elevated privileges.
- The vulnerability, rated with a CVSS score of 8.8 and classified as important, allows attackers with Site Member permissions to execute code remotely on SharePoint servers.
- A security researcher known as MEOW discovered and reported the flaw, prompting patches for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.
- This update follows a recent fix for a spoofing vulnerability in SharePoint Server that has been actively exploited in the wild, highlighting ongoing risks to the platform.
- Microsoft advises users to promptly apply the new fixes to protect against potential attacks, given the history of repeated exploitation of SharePoint vulnerabilities.