www.securityweek.com 7/2/2026, 11:13:59 AM · external

CISA warns of active SharePoint flaw CVE-2026-45659

CISA warns of active SharePoint flaw CVE-2026-45659
Developing story vulnerability 9 articles tracked
Microsoft SharePoint deserialization flaw (CVE-2026-45659) actively exploited
CyberSIXT Evidence Panel
Primary Source msrc.microsoft.com
CISA KEV Listed in KEV
Patch Patch Available

CISA has warned about a high-severity vulnerability (CVE-2026-45659) in Microsoft SharePoint Server that is being actively exploited. This security flaw, allowing authenticated attackers with minimal permissions to execute arbitrary code, has a CVSS score of 8.8 and affects multiple SharePoint versions including Subscription Edition and 2019. Microsoft patched the vulnerability in May, and CISA has urged federal agencies to apply the update within three days.

Although no in-the-wild exploits have been reported, organizations are advised to apply patches promptly due to SharePoint's critical role in enterprise collaboration.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline