InfoSecBulletin Cybersecurity for mankind
Microsoft patches to fix a security flaw in SharePoint. This issue could let hackers run harmful code without needing special conditions. The flaw, dubbed CVE-2026-45659, has a CVSS score of 8.8. It is rated as a serious issue.
“Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network,” Microsoft said in an advisory released last week.
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
Microsoft said that any unauthenticated attacker could cause the vulnerability and it does not need admin or higher permissions.
“In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server,” the Windows maker added.
Microsoft thanked a researcher called MEOW for finding and reporting the problem. Updates have been given for these versions –
SharePoint Server Subscription Edition
SharePoint Server 2019
SharePoint Enterprise Server 2016
Last month, Microsoft fixed a security issue with SharePoint Server that allowed fake identities. This flaw, listed as CVE-2026-32201 and rated 6.5 on the CVSS scale, was known to be taken advantage of in real attacks.
The tech giant says CVE-2026-45659 is less likely to be used against users, but it’s still important for users to fix it for better safety. This is especially true because many problems in the platform have often been targeted by attackers in the past.
