A critical vulnerability in Microsoft SharePoint, identified as CVE-2026-45659, allows for remote code execution (RCE) with a CVSS score of 8.8. This flaw results from the deserialization of untrusted data and poses a significant risk as it requires minimal conditions for exploitation. Organizations are urged to patch their systems immediately. An authenticated user with basic permissions can execute code remotely on the SharePoint server.
The vulnerability was discovered by a researcher named MEOW, and patches are now available for supported SharePoint versions. Although Microsoft assesses exploitation likelihood as low, historical targeting of SharePoint vulnerabilities suggests otherwise.