Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to intelligence

Microsoft Fixes Multiple Remote Code Execution Flaws Across SharePoint, Edge, Azure, and Power Pages

Updated 27d agoFirst seen May 16, 202616 sources

Microsoft published security advisories for several remote code execution vulnerabilities affecting SharePoint, Microsoft Edge (Chromium-based), Azure Orbital Spatio, Azure Virtual Network Gateway, and Microsoft Power Pages, including CVE-2026-45659, CVE-2026-45495, CVE-2026-40412, CVE-2026-40411, and CVE-2026-23652. The most detailed disclosures focused on SharePoint Server, where Microsoft described CVE-2026-35439 and CVE-2026-40357 as deserialization of untrusted data flaws that could let authenticated attackers execute arbitrary code over the network on vulnerable servers.

Microsoft rated both SharePoint issues Important with CVSS 8.8 and said exploitation requires valid access, with CVE-2026-35439 requiring at least Site Owner privileges and CVE-2026-40357 requiring Site Member permissions. The company said neither flaw had been publicly disclosed or exploited in the wild at publication and assessed exploitation as less likely, while providing fixes that also apply to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Microsoft also disclosed CVE-2026-40362, an Excel heap-based buffer overflow that can lead to remote code execution if a user opens a malicious Office file; Microsoft said the Preview Pane is not an attack vector and that a patch is available.

Share:
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

Start free trial
EVENT TIMELINE

How this story unfolded

4 events from the most recent confirmed update back to the earliest known activity.

4 EVENTS
May 26, 202628d ago

Microsoft issues out-of-band patch for SharePoint RCE CVE-2026-45659

Microsoft released an out-of-band fix for CVE-2026-45659, a SharePoint Server remote code execution flaw exploitable by an authenticated attacker with Site Member permissions. The vulnerability was attributed to deserialization of untrusted data and, at the time of reporting, Microsoft said there was no public exploit code or known in-the-wild exploitation.

Microsoft Issues Out-of-Band SharePoint Patch
May 21, 20261mo ago

Microsoft publishes May 21 advisories for SharePoint, Azure, and Power Pages RCE flaws

Microsoft published Security Update Guide entries for CVE-2026-45659 (Microsoft SharePoint), CVE-2026-40412 (Azure Orbital Spatio), CVE-2026-40411 (Azure Virtual Network Gateway), and CVE-2026-23652 (Microsoft Power Pages), all described as remote code execution vulnerabilities. The provided references do not include further technical or exploitation details.

May 12, 20261mo ago

Microsoft publishes Edge RCE advisory for CVE-2026-45495

Microsoft added a Security Update Guide entry for CVE-2026-45495, a remote code execution vulnerability in Chromium-based Microsoft Edge. The reference content provides no additional synopsis beyond the advisory publication.

Microsoft releases fixes for SharePoint and Excel RCE flaws

Microsoft published Security Update Guide entries for CVE-2026-35439 and CVE-2026-40357 affecting Microsoft SharePoint Server, and CVE-2026-40362 affecting Microsoft Excel. Microsoft said fixes were available and that none of the flaws were publicly disclosed or exploited in the wild at publication.

SOURCE COVERAGE

Sources

16 references tracked. Mallory keeps watching after this page renders.

16 SOURCESView all
Security AffairsNews
May 27, 2026

SharePoint Has a New RCE Flaw. If You Haven't Patched Yet, Go Do That.

securityaffairs.com

Open source
Belgium Ccb Product AdvisoriesNews
May 27, 2026

Warning: Microsoft SharePoint Remote Code Execution Vulnerability, Patch Immediately! | CCB Belgium

ccb.belgium.be

Open source
Cyber Security NewsNews
May 26, 2026

Microsoft SharePoint Server Vulnerability Enables Remote Code Execution Attacks

cybersecuritynews.com

Open source
Help Net SecurityNews
May 26, 2026

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) - Help Net Security

helpnetsecurity.com

Open source
8 additional sources from 12-05-2026 to 26-05-2026
Msrc MicrosoftAdvisories
May 12, 2026

CVE-2026-40362 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability

msrc.microsoft.com

Open source
Msrc MicrosoftAdvisories
May 12, 2026

CVE-2026-35439 - Security Update Guide - Microsoft - Microsoft SharePoint Server Remote Code Execution Vulnerability

msrc.microsoft.com

Open source
Microsoft SupportAdvisories
Mar 10, 2026

Description of the security update for SharePoint Server Subscription Edition: March 10, 2026 (KB5002843) - Microsoft Support

support.microsoft.com

Open source
Microsoft SupportAdvisories
Mar 10, 2026

Description of the security update for SharePoint Server 2019: March 10, 2026 (KB5002845) - Microsoft Support

support.microsoft.com

Open source
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Start free trial
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.