CISA Issues Urgent Alert: Microsoft SharePoint Critical Vulnerability Exploited
CISA disclosed that malicious actors are actively exploiting a critical vulnerability in Microsoft SharePoint Server, designated CVE-2026-45659, with a CVSS score of 8.8.
CISA’s Disclosure and Vulnerability Overview
The US Cybersecurity and Infrastructure Security Agency (CISA) revealed that a critical deserialization vulnerability in Microsoft SharePoint Server is being actively exploited. This flaw allows authenticated adversaries to execute arbitrary code on affected systems, posing a significant risk to enterprise environments.
The Critical Vulnerability: CVE-2026-45659
CVE-2026-45659 is a deserialization vulnerability involving untrusted data. It was addressed in a late May out-of-band patch. Microsoft confirmed that attackers with minimal privileges, such as Site Member access, can exploit this flaw without requiring elevated permissions.
Patch Details and Affected Products
The vulnerability was patched in late May, but attackers can achieve consistent success with targeted payloads against vulnerable components. Affected products include SharePoint Server Subscription Edition, SharePoint Server 2019, SharePoint Server 2016, and SharePoint Enterprise Server 2016.
CISA’s KEV List and Federal Agency Mandate
CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities (KEV) list, requiring federal agencies to apply the patch within three days per BOD 26-04. While no evidence of in-the-wild exploitation was reported prior to the advisory, organizations are urged to deploy fixes immediately.
Broader Security Context
SharePoint serves as a core platform for enterprise document management and collaboration, making it a frequent target for threat actors. Microsoft has addressed similar vulnerabilities recently, including a zero-day flaw in April and another active exploit in March. Additional unrelated patches and security developments also highlight ongoing risks.
Conclusion
The advisory underscores the importance of timely remediation for critical infrastructure and enterprise systems. Organizations must prioritize applying patches to mitigate risks associated with actively exploited vulnerabilities like CVE-2026-45659.
