CISA Adds Actively Exploited Microsoft SharePoint RCE Vulnerability (CVE-2026-45659) to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity remote code execution (RCE) vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw stems from deserialization of untrusted data and is being actively exploited, and federal agencies have until July 4, 2026 to apply patches. Microsoft addressed the issue in May 2026, noting that an authenticated attacker with as little as Site Member permissions could leverage it for remote code execution.
Context
CVE-2026-45659 is a high-severity remote code execution vulnerability in Microsoft SharePoint Server caused by deserialization of untrusted data. Microsoft released a patch for this vulnerability in May 2026, but its active exploitation has raised alarms. CISA's KEV catalog serves as a resource for organizations to prioritize their cybersecurity efforts against known threats.
Why it matters
The addition of CVE-2026-45659 to CISA's KEV catalog highlights the urgency of patching vulnerabilities that are being exploited in the wild. Exploitation of this flaw could lead to significant data breaches or system compromises, impacting both public and private sectors. Timely patching is essential to protect sensitive information and maintain operational integrity.
Implications
Failure to address this vulnerability could lead to unauthorized access and control over affected systems, potentially resulting in data theft or operational disruptions. Federal agencies and organizations using Microsoft SharePoint are particularly at risk. The situation underscores the importance of proactive cybersecurity measures in preventing exploitation.
What to watch
Organizations, especially federal agencies, are required to implement patches by July 4, 2026, to mitigate risks associated with this vulnerability. Monitoring for updates from CISA and Microsoft will be crucial as the deadline approaches. Additionally, watch for any reports of exploitation incidents that may arise during this period.