Microsoft has rolled out updates to repair a distant code execution vulnerability impacting SharePoint that may very well be exploited by unhealthy actors in assaults with out requiring any specialised circumstances to be met.
The vulnerability, tracked as CVE-2026-45659, carries a CVSS rating of 8.8. It has been assigned an essential severity.
“Deserialization of untrusted information in Microsoft Workplace SharePoint permits a certified attacker to execute code over a community,” Microsoft stated in an advisory launched final week.
Microsoft famous that the vulnerability may very well be triggered by any authenticated attacker, and that it doesn’t require administrator or different elevated privileges.
“In a network-based assault, an authenticated attacker, who has a minimal of Website Member permissions (PR:L), might execute code remotely on the SharePoint Server,” the Home windows maker added.
Microsoft credited a researcher named MEOW for locating and reporting the flaw. Updates have been launched for the next variations –
Final month, Microsoft issued fixes for a spoofing vulnerability impacting Microsoft SharePoint Server (CVE-2026-32201, CVSS rating: 6.5) that it stated has been exploited within the wild.
Though the tech large notes that CVE-2026-45659 is much less more likely to be exploited, it is important that customers apply the mandatory fixes for optimum safety, notably when contemplating the truth that a number of flaws within the collaborative platform have been repeatedly weaponized by attackers through the years.
