7 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
CVE-2026-45659 is a remote code execution vulnerability affecting Microsoft Office SharePoint Server.
Successful exploitation could allow an attacker to execute malicious code in the context of the SharePoint server, potentially leading to unauthorized access to sensitive information, modification of SharePoint content, deployment of malicious components, disruption of collaboration services, and further compromise of the underlying server.
Microsoft addressed the vulnerability in the May 2026 SharePoint security updates. On July 1, 2026, CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities (KEV) Catalog, indicating observed exploitation risk and the need for immediate verification of patch status across exposed SharePoint environments.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Microsoft Office SharePoint Remote Code Execution Vulnerability
Identifier: CVE-2026-45659
PoC or Exploitation:
CVSS Score: 8.8 (High, CVSS v3.1)
Update / Patch:
- Microsoft SharePoint Server Subscription Edition
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server Subscription Edition
- Build 16.0.19725.20280
- Microsoft SharePoint Server 2019
- Build 16.0.10417.20128
- Microsoft SharePoint Enterprise Server 2016 (x64)
- Build 16.0.5552.1002
Description:
Mitigation Recommendation: