High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

Microsoft has released patches for CVE-2026-45659, a high-severity remote code execution vulnerability in SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. The flaw is due to deserialization of untrusted data and can allow an authenticated attacker to execute code remotely with low attack complexity; Microsoft advises organizations with on-premises SharePoint to apply the provided updates even though no public exploit or PoC has been reported.