What Happened
Microsoft has rolled out updates to fix a remote code execution vulnerability in SharePoint that attackers could exploit without any specialized conditions being met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8 and has been rated Important in severity. "Deserialization of untrusted data in Microsoft Office SharePoint allows
Why It Matters
The article reports on CVE-2026-45659, a high-severity (CVSS 8.8) remote code execution vulnerability in Microsoft SharePoint Server caused by deserialization of untrusted data. It allows any authenticated user with minimal 'Site Member' permissions to execute arbitrary code over the network on affected SharePoint instances.[1][2][3] Microsoft has released patches for SharePoint Server Subscription Edition, 2019, and Enterprise 2016. Exploitation is currently assessed as less likely and there is no public PoC, but unpatched servers remain at significant risk of full compromise.[1][2][3] From a CyberSE.AI perspective, AI-enabled workflows and agents that integrate with on-prem or self-hosted SharePoint for data access or orchestration could be indirectly exposed if a compromised SharePoint server is leveraged to pivot into AI infrastructure, exfiltrate training or operational data, or tamper with documents and prompts consumed by AI systems. Organizations should ensure SharePoint patching is tightly integrated into their broader AI security readiness and asset management, especially where SharePoint is a data source or control surface for AI agents and decision-support systems.
CyberSE Analysis
This signal maps to SaaS AI risk. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/05/microsoft-patches-sharepoint-rce-flaw.html