Threat Board: SharePoint RCE Flaw Patched

Microsoft has patched CVE-2026-45659, a SharePoint remote code execution vulnerability with a CVSS score of 8.8.

The issue affects:

• SharePoint Server Subscription Edition
• SharePoint Server 2019
• SharePoint Enterprise Server 2016

What makes this serious is that an authenticated attacker with basic Site Member permissions could potentially execute code remotely over the network. No admin access required.

Microsoft says exploitation is less likely, but SharePoint has been targeted before, and attackers often move quickly once patches are released.

What should you do?

Patch affected SharePoint servers as soon as possible, review user permissions, and monitor for unusual activity around SharePoint access.

Not sure if your systems are exposed or fully updated? Britec can help you check before attackers do.