CISA Adds Actively Exploited Microsoft SharePoint RCE Vulnerability (CVE-2026-45659) to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity remote code execution (RCE) flaw in Microsoft SharePoint Server, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, stemming from deserialization of untrusted data, allows authenticated attackers with minimal privileges to execute arbitrary code. Microsoft addressed the issue in May 2026, and federal agencies are advised to apply fixes by July 4, 2026.
Context
CVE-2026-45659 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers with minimal privileges to execute arbitrary code. The flaw results from the deserialization of untrusted data; Microsoft has acknowledged it and released a patch in May 2026. CISA's inclusion of the vulnerability in its KEV catalog indicates heightened concern over its potential impact.
Why it matters
The addition of CVE-2026-45659 to CISA's KEV catalog highlights the ongoing risk posed by vulnerabilities in widely used software. Active exploitation of this flaw could lead to significant data breaches and operational disruptions. Prompt action is necessary to mitigate potential threats to sensitive information and critical infrastructure.
Implications
If not addressed, this vulnerability could expose federal agencies and organizations using SharePoint to cyberattacks, compromising sensitive data and operations. The urgency for remediation may strain resources within affected organizations. Additionally, the incident underscores the importance of maintaining up-to-date security practices in software management.
What to watch
Federal agencies are required to implement the provided fixes by July 4, 2026, to protect against this vulnerability. Monitoring for updates from Microsoft and CISA will be crucial as more information about the exploitation becomes available. Observers should also watch for any reports of incidents linked to this vulnerability as the deadline approaches.