SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
Summary
CISA has added a critical remote code execution vulnerability in Microsoft SharePoint Server, CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) catalog. This action was taken due to evidence of active exploitation in the wild.
IFF Assessment
Active exploitation of a remote code execution vulnerability is a significant threat to organizations running vulnerable SharePoint servers.
Severity
The CVSS score of 8.8 indicates a high-severity vulnerability. Remote code execution is a critical impact because it allows attackers to compromise affected systems, and the weakness class, 'deserialization of untrusted data', often implies potential for unauthenticated exploitation or exploitation with low privileges.
CISA KEV: Listed as actively exploited. Federal patch due: July 04, 2026. Known ransomware use: Unknown.
Defender Context
Because this vulnerability is being actively exploited, organizations running Microsoft SharePoint should prioritize patching or implementing mitigations immediately. Its inclusion in the CISA KEV catalog signals heightened risk and the potential for widespread attacks.