THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw in Microsoft SharePoint Server, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities catalog. This vulnerability, which allows remote code execution, has a CVSS score of 8.8 and can be exploited by an authenticated attacker with minimal permissions. Microsoft released security updates at the end of May 2026 to address this issue.
Organizations are urged to apply these updates immediately, as exploitation is possible with network access and a low-privilege account. CISA has mandated that federal agencies resolve the vulnerability by July 4, 2026, highlighting the necessity for private organizations to review the KEV catalog as well.