CISA has warned about a high-severity vulnerability (CVE-2026-45659) in Microsoft SharePoint Server that is being actively exploited. This security flaw, allowing authenticated attackers with minimal permissions to execute arbitrary code, has a CVSS score of 8.8 and affects multiple SharePoint versions including Subscription Edition and 2019. Microsoft patched the vulnerability in May, and CISA has urged federal agencies to apply the update within three days.
Although no in-the-wild exploits have been reported, organizations are advised to apply patches promptly due to SharePoint's critical role in enterprise collaboration.