SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

Summary

CISA has added a critical remote code execution vulnerability in Microsoft SharePoint Server, CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) catalog. This action was taken due to evidence of active exploitation in the wild.

IFF Assessment

FOE

The identification and active exploitation of a remote code execution vulnerability represent a significant threat to organizations using vulnerable SharePoint servers.

Severity

8.8 High

The CVSS score of 8.8 indicates a high-severity vulnerability. Remote code execution is a critical impact because it allows attackers to compromise the affected systems, and the weakness class, 'deserialization of untrusted data', often implies potential for exploitation without authentication or with low privileges.

CISA KEV: Listed as actively exploited. Federal patch due: July 04, 2026. Known ransomware use: Unknown.

Defender Context

This vulnerability is being actively exploited, so organizations running Microsoft SharePoint should prioritize patching or implementing mitigations immediately. Its inclusion in the CISA KEV catalog signals heightened risk and the potential for widespread attacks.
