
Microsoft released updates to address a remote code execution vulnerability in Microsoft Office SharePoint. The flaw, CVE-2026-45659, has a CVSS score of 8.8 and is rated Important in severity. Microsoft states that deserialization of untrusted data in SharePoint allows an authorized attacker to execute code over a network. The vulnerability can be triggered by any authenticated attacker with at least Site Member permissions, and it does not require administrator or other elevated privileges. Microsoft provided fixes for affected SharePoint versions and noted that the issue is less likely to be exploited than some other recent SharePoint vulnerabilities, but patching remains essential because SharePoint flaws have been repeatedly weaponized.
"Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network, Microsoft said in an advisory released last week."
"Microsoft noted that the vulnerability could be triggered by any authenticated attacker, and that it does not require administrator or other elevated privileges."
"In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server, the Windows maker added."
"Although the tech giant notes that CVE-2026-45659 is less likely to be exploited, it's essential that users apply the necessary fixes for optimal protection, particularly when considering the fact that several flaws in the collaborative platform have been repeatedly weaponized by attackers over the years."
Read at thehackernews.com