Active Exploitation of Microsoft SharePoint Flaw CVE-2026-45659 Confirmed

Active Exploitation of Microsoft SharePoint Flaw CVE-2026-45659 Confirmed

First seen 4 Jul 2026, 15:24 UTC ComputerweeklySenservanvd.nist.govwww.first.org 84% similarity 72.9

Article Content

Browse articles
ThreatCluster

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-45659, a remote code execution vulnerability in Microsoft SharePoint, to its Known Exploited Vulnerabilities catalog due to active exploitation. This flaw, stemming from an untrusted data deserialization issue, affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Microsoft released a patch for this vulnerability on May 21, 2026, but details were inadvertently omitted from the update bulletin. Organizations using SharePoint are urged to verify their patch levels and implement incident response procedures if they have not updated. The vulnerability allows authenticated attackers with minimal privileges to exploit it, potentially granting access to sensitive resources. CISA has mandated that federal agencies patch this vulnerability by July 4, 2026, emphasizing the urgency of remediation for all exposed organizations. No specific incidents of exploitation have been reported yet.

Key Points: • CVE-2026-45659 is a critical RCE vulnerability in Microsoft SharePoint with active exploitation. • Microsoft's patch for this flaw was released on May 21, 2026, but details were omitted. • CISA requires federal agencies to patch this vulnerability by July 4, 2026, highlighting its urgency.

ThreatCluster AI

Timeline

2026-05-22
CVE-2026-45659 published
Microsoft disclosed a remote code execution vulnerability in SharePoint, affecting multiple versions.
Computerweekly
2026-05-27
First public PoC released
A proof of concept for exploiting CVE-2026-45659 was made publicly available.
Computerweekly
2026-06-01
CVE added to CISA KEV catalog
CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog due to active exploitation.
Computerweekly
2026-06-09
CVE-2026-45503 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-09
CVE-2026-45649 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-01
CISA mandates urgent patching
CISA required federal agencies to patch CVE-2026-45659 by July 4, 2026, due to its critical nature.
Computerweekly

Community

Browse all →