CISA Adds Actively Exploited Microsoft SharePoint RCE Vulnerability (CVE-2026-45659) to KEV Catalog

AI-generated NewsSnap summary based on source reporting.
Published: 2026-07-02
Category: technology
Source: SecurityWeek

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity remote code execution (RCE) flaw in Microsoft SharePoint Server, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, stemming from deserialization of untrusted data, allows authenticated attackers with minimal privileges to execute arbitrary code. Microsoft addressed the issue in May 2026, and federal agencies are advised to apply fixes by July 4, 2026.

Context

CVE-2026-45659 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers with minimal privileges to execute arbitrary code. The flaw results from the deserialization of untrusted data; Microsoft has acknowledged it and released a patch in May 2026. CISA's inclusion of the vulnerability in its KEV catalog indicates heightened concern over its potential impact.

Why it matters

The addition of CVE-2026-45659 to CISA's KEV catalog highlights the ongoing risk posed by cybersecurity vulnerabilities in widely used software. Active exploitation of this flaw could lead to significant data breaches and operational disruptions. Prompt action is necessary to mitigate potential threats to sensitive information and critical infrastructure.

Implications

If not addressed, this vulnerability could expose federal agencies and organizations using SharePoint to cyberattacks, compromising sensitive data and operations. The urgency for remediation may strain resources within affected organizations. Additionally, the incident underscores the importance of maintaining up-to-date security practices in software management.

What to watch

Federal agencies are required to implement the provided fixes by July 4, 2026, to protect against this vulnerability. Monitoring for updates from Microsoft and CISA will be crucial as more information about the exploitation becomes available. Observers should also watch for any reports of incidents linked to this vulnerability as the deadline approaches.
