All news

CISA: SharePoint RCE (CVE-2026-45659) actively exploited, patch by July 4

CISASummarized by the ORA·tech AI assistant
SEC

CISA added CVE-2026-45659 — a deserialization flaw in Microsoft SharePoint Server that enables remote code execution — to its KEV catalog after confirmed exploitation. U.S. federal agencies must remediate by July 4, 2026; anyone running on-prem SharePoint should patch now per Microsoft's guidance.

CISA has added CVE-2026-45659 to its Known Exploited Vulnerabilities (KEV) catalog, meaning the flaw is being exploited in the wild rather than remaining theoretical.

Key points

  • Affected product: Microsoft SharePoint Server (on-prem).
  • Nature: deserialization of untrusted data (CWE-502) that lets an authorized attacker execute code remotely over a network.
  • Added to KEV: July 1, 2026; remediation deadline for U.S. federal agencies: July 4, 2026 under directive BOD 26-04.
  • Known ransomware-campaign use is currently listed as unknown.
  • For patch details see Microsoft's MSRC guidance for CVE-2026-45659; organizations running on-prem SharePoint should prioritize patching and hunt for signs of compromise.
#CVE-2026-45659#SharePoint#Microsoft#CISA KEV#RCE
This summary was written by the ORA·tech AI assistant. Read the original for full context.

Related

Chào bạn, mình là Nova. Có phần nào bạn muốn hiểu kỹ hơn không? Cứ nói với mình nhé.