New Microsoft SharePoint Server Critical Vulnerabilities Released

CVE-2026-45659 details critical vulnerabilities affecting Microsoft SharePoint Server versions prior to 16. Specifically, this critical flaw targets the deserialization of untrusted data, and there is evidence that it is being actively exploited. Microsoft has released fixes for these issues, as detailed in this chart:

| Affected Product | Affected Versions | Fixed Versions |
| --- | --- | --- |
| Microsoft SharePoint Enterprise Server 2016 | Prior to 16.0.5552.1002 | 16.0.5552.1002 |
| Microsoft SharePoint Server 2019 | Prior to 16.0.10417.20128 | 16.0.10417.20128 |
| Microsoft SharePoint Server Subscription Edition | Prior to 16.0.19725.20280 | 16.0.19725.20280 |

For more information, please see Microsoft's CVE info page.

It is recommended that you install the fixed versions as soon as possible if you are running an affected version. Fixed software is available via Microsoft Update or can be downloaded directly from Microsoft. You should also regularly audit your user permissions so that no more users than necessary hold contributor or higher permissions, which minimizes the attack surface of these exploits.
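
To see which servers still need the update, the following added example (not Microsoft's code and not part of the original advisory) compares reported build numbers against the fixed builds in the chart above. The function names, the status labels, the sample inventory and the rule for telling the three products apart by the third field of the build number are assumptions made for this example.

```powershell
# Fixed builds copied from the chart in this advisory.
$FixedBuilds = @{
    'SharePoint Enterprise Server 2016'      = [version]'16.0.5552.1002'
    'SharePoint Server 2019'                 = [version]'16.0.10417.20128'
    'SharePoint Server Subscription Edition' = [version]'16.0.19725.20280'
}

function Get-SharePointProductLine {
    param([Parameter(Mandatory)][version]$Build)
    # Assumption (not stated in the advisory): all three products report
    # major version 16 and differ in the third field of the build number.
    if ($Build.Major -ne 16)    { return $null }
    if ($Build.Build -lt 10000) { return 'SharePoint Enterprise Server 2016' }
    if ($Build.Build -lt 14000) { return 'SharePoint Server 2019' }
    return 'SharePoint Server Subscription Edition'
}

function Test-SharePointBuild {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$BuildString
    )
    $build = $null; $product = $null; $fixed = $null
    $status = 'Unparseable'          # kept if the build string is not a version
    if ([version]::TryParse($BuildString, [ref]$build)) {
        $product = Get-SharePointProductLine -Build $build
        if ($null -eq $product) {
            $status = 'NotInAdvisoryTable'
        } else {
            $fixed  = $FixedBuilds[$product]
            # [version] compares field by field, so 16.0.10417.20128 sorts
            # above 16.0.5552.1002 (a plain string comparison would not).
            $status = if ($build -lt $fixed) { 'Vulnerable' } else { 'Patched' }
        }
    }
    [pscustomobject]@{
        Server = $Server; Build = $BuildString; Product = $product
        FixedBuild = $fixed; Status = $status
    }
}

# Constructed sample inventory (hypothetical host names and builds). On a farm
# server the build can be read with (Get-SPFarm).BuildVersion.ToString().
$inventory = @(
    @{ Server = 'sp2016-app01.example.test'; Build = '16.0.5500.1000'   }
    @{ Server = 'sp2016-app02.example.test'; Build = '16.0.5552.1002'   }
    @{ Server = 'sp2019-wfe01.example.test'; Build = '16.0.10417.20100' }
    @{ Server = 'spse-wfe01.example.test';   Build = '16.0.19725.20280' }
    @{ Server = 'legacy01.example.test';     Build = 'unknown'          }
)
$inventory | ForEach-Object { Test-SharePointBuild -Server $_.Server -BuildString $_.Build } | Format-Table -AutoSize
```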

General guidance for protecting your environment is available from the Canadian Centre for Cyber Security.

Please also keep in mind that Microsoft SharePoint Enterprise Server 2016 and Server 2019 will reach end of life on July 14, 2026, so please consider upgrading to a supported version ahead of that date.