CISA Urges SharePoint Hardening After New Exploitations

Summary

CISA has issued a warning about the active exploitation of three SharePoint Server vulnerabilities (CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164), which allow attackers to gain unauthorized access, execute remote code, and deploy malware. Additionally, two other vulnerabilities (CVE-2026-55040 and CVE-2026-58644) have been disclosed as posing a potential risk if unpatched.

IFF Assessment

FOE

This article highlights actively exploited vulnerabilities, which represent a direct threat to organizations relying on SharePoint Server.

Severity

9.8 Critical

CISA KEV: Listed as actively exploited. Federal patch due: April 28, 2026. Known ransomware use: Unknown.

Defender Context

This alert emphasizes the critical need for immediate patching and hardening of on-premises SharePoint Server instances. Defenders should be vigilant for signs of exploitation, monitor for the specific AMSI and MDAV detections mentioned, and prioritize applying Microsoft's security updates to mitigate the risks associated with these vulnerabilities.

Read Full Story →