CISA Urges SharePoint Hardening After New Exploitations
Summary
CISA has issued a warning about the active exploitation of three SharePoint Server vulnerabilities (CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164), which allow attackers to gain unauthorized access, execute remote code, and deploy malware. Additionally, two other vulnerabilities (CVE-2026-55040 and CVE-2026-58644) have been disclosed as posing a potential risk if unpatched.
IFF Assessment
This article highlights actively exploited vulnerabilities, which represent a direct threat to organizations relying on SharePoint Server.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: April 28, 2026. Known ransomware use: Unknown.
Defender Context
This alert emphasizes the critical need for immediate patching and hardening of on-premises SharePoint Server instances. Defenders should be vigilant for signs of exploitation, monitor for the specific AMSI and MDAV detections mentioned, and prioritize applying Microsoft's security updates to mitigate the risks associated with these vulnerabilities.