CISA has added CVE-2026-45659 to its Known Exploited Vulnerabilities catalogue, affecting Microsoft SharePoint Server. The vulnerability, named Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability, allows an authorised attacker to execute code over the network by exploiting improper deserialization of untrusted data.
Technically, the flaw is a deserialization weakness that can lead to remote code execution when malicious data is processed by the SharePoint server. It carries a CVSS v3.1 score of 8.8, rated HIGH, and a security patch is already available from Microsoft.
Listing in the KEV catalogue means that active exploitation has been confirmed in the wild; there is no public indication of ransomware use at this time. CISA has set a remediation deadline of 26 July 2026 for federal civilian executive branch (FCEB) agencies to address the issue.
CISA’s required action is to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk guidance and CISA’s “Forensics Triage Requirements”. Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
While the directive binds FCEB agencies, all organisations should review their SharePoint Server exposure and apply the patch or mitigations as soon as practicable.
For full details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-45659 and the CISA KEV catalogue.