Home / Vulnerabilities / CVE-2026-45659
HIGH SEVERITY
CVE-2026-45659Microsoft · SharePoint Server

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
8.8 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

3.22 %
Predictive Probability
Percentile Rank
86.7 th

Documented as more likely to be exploited than 86.7% of known CVEs.

Detection Date

Jul 01, 2026

Remediation Due

Jul 04, 2026

CISA Catalog Active

Threat Analysis

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.

Remediation Directive

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

External Intelligence