CISA: SharePoint RCE (CVE-2026-45659) actively exploited, patch by July 4
CISA added CVE-2026-45659 — a deserialization flaw in Microsoft SharePoint Server that enables remote code execution — to its KEV catalog after confirmed exploitation. U.S. federal agencies must remediate by July 4, 2026; anyone running on-prem SharePoint should patch now per Microsoft's guidance.
CISA has added CVE-2026-45659 to its Known Exploited Vulnerabilities (KEV) catalog, meaning the flaw is being exploited in the wild rather than remaining theoretical.
Key points
- Affected product: Microsoft SharePoint Server (on-prem).
- Nature: deserialization of untrusted data (CWE-502) that lets an authorized attacker execute code remotely over a network.
- Added to KEV: July 1, 2026; remediation deadline for U.S. federal agencies: July 4, 2026 under directive BOD 26-04.
- Known ransomware-campaign use is currently listed as unknown.
- For patch details see Microsoft's MSRC guidance for CVE-2026-45659; organizations running on-prem SharePoint should prioritize patching and hunt for signs of compromise.
Source
CISA
#CVE-2026-45659#SharePoint#Microsoft#CISA KEV#RCE
This summary was written by the ORA·tech AI assistant. Read the original for full context.