securityaffairs.com 7/2/2026, 4:32:49 PM · external

CISA urges SharePoint patch for CVE-2026-45659 before July 4

CISA urges SharePoint patch for CVE-2026-45659 before July 4
Developing story vulnerability 10 articles tracked
Microsoft SharePoint Server deserialization flaw (CVE-2026-45659) actively exploited
CyberSIXT Evidence Panel
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Available

THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw in Microsoft SharePoint Server, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities catalog. This vulnerability, which allows remote code execution, has a CVSS score of 8.8 and can be exploited by an authenticated attacker with minimal permissions. Microsoft released security updates at the end of May 2026 to address this issue.

Organizations are urged to apply these updates immediately, as exploitation is possible with network access and a low-privilege account. CISA has mandated that federal agencies resolve the vulnerability by July 4, 2026, highlighting the necessity for private organizations to review the KEV catalog as well.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline