A significant vulnerability (CVE-2026-45659) in Microsoft SharePoint Server has been identified, allowing for remote code execution due to unsafe deserialization of untrusted data. This flaw has been actively exploited and added to CISA's Known Exploited Vulnerabilities catalog. Affected versions include SharePoint Server 2016 (16.0.0) and similar editions. The CVSS score is 8.8, indicating a high severity. Patches were released in May 2026, and federal agencies are required to update by July 4, 2026.
SharePoint serves as a crucial target for attackers as it handles sensitive corporate data, necessitating immediate attention and remediation.