Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Published: 2026-05-22
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Deserialization of untrusted data within Microsoft Office SharePoint, if exploited by an attacker who has authorized access to a SharePoint instance, can allow that attacker to execute arbitrary code over the network. The flaw maps to CWE-502, indicating an unsafe deserialization process. The impact is a full compromise of the affected SharePoint server, granting the attacker the privileges of the executing account.

Affected Systems

Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition are all affected. The vulnerability applies to all supported versions of these products unless a specific patch has been applied.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.8, placing it in the high severity range. EPSS data is unavailable, so while the theoretical risk is high, the probability of exploitation has not been quantified by available metrics. The vulnerability is not listed in the CISA KEV catalog. The description implies that the likely attack vector is an authenticated SharePoint user who uploads or manipulates data that the server then deserializes. A successful attacker could immediately gain code execution on the SharePoint web server or on services running under its context.

Generated by OpenCVE AI on May 23, 2026 at 00:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Microsoft patch that addresses CVE-2026-45659 to all affected SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition instances.
  • Restrict or disable any custom deserialization routines and limit uploads of untrusted data to only authorized workflows to reduce the attack surface.
  • Monitor SharePoint server logs and security alerts for abnormal deserialization or code execution activity, and respond promptly if suspicious events are detected.

Advisories

No advisories yet.

History

Sat, 23 May 2026 04:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft sharepoint Enterprise Server 2016; Microsoft sharepoint Server Subscription Edition
Vendors & Products | | Microsoft sharepoint Enterprise Server 2016; Microsoft sharepoint Server Subscription Edition

Fri, 22 May 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description | | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Title | | Microsoft SharePoint Remote Code Execution Vulnerability
First Time appeared | | Microsoft; Microsoft sharepoint Server; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
Weaknesses | | CWE-502
CPEs | | cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*; cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*; cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft sharepoint Server; Microsoft sharepoint Server 2016; Microsoft sharepoint Server 2019
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


Subscriptions

Microsoft Sharepoint Enterprise Server 2016; Sharepoint Server; Sharepoint Server 2016; Sharepoint Server 2019; Sharepoint Server Subscription Edition

MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-22T22:04:33.517Z

Reserved: 2026-05-12T20:33:35.158Z

Link: CVE-2026-45659

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-23T04:00:08Z

Weaknesses