// Microsoft 365CRITICAL
CVE-2026-45659, a high-severity remote code execution vulnerability in Microsoft SharePoint Server, was added to CISA's Known Exploited Vulnerabilities catalog on July 1, 2026, following confirmed active exploitation. The flaw stems from improper deserialization of untrusted data and affects SharePoint Server Subscription Edition, 2019, and Enterprise Server 2016 (patched May 2026). Authenticated attackers with minimum Site Member permissions can execute arbitrary code on vulnerable systems; the threat group and exploitation details remain unknown. CISA mandates that U.S. federal agencies patch by July 4, 2026.
- SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exp(opens in a new tab)
- CISA: Microsoft SharePoint RCE flaw now actively exploited(opens in a new tab)
- CISA Warns Actively Exploited Microsoft SharePoint RCE Flaw Requ(opens in a new tab)
- CISA Warns of Actively Exploited Microsoft SharePoint Vulnerabil(opens in a new tab)
- CISA adds SharePoint flaw to known exploited vulnerabilities lis(opens in a new tab)
- SharePoint RCE CVE-2026-45659: Why CISA's Urgent Alert Raises Qu(opens in a new tab)
// Get alerts for Microsoft 365