CISA confirmed on July 2, 2026, that attackers are actively exploiting CVE-2026-45659, a high-severity remote code execution vulnerability in Microsoft SharePoint. The deserialization flaw requires only basic authenticated access (Site Member permissions) and was patched in May 2026. Over 10,000 SharePoint servers remain exposed online, with no visibility into remediation coverage.
- CISA: Microsoft SharePoint RCE flaw now actively exploited(opens in a new tab)
- U.S. CISA adds a Microsoft SharePoint Server flaw to its Known E(opens in a new tab)
- CISA Warns of Actively Exploited Microsoft SharePoint Vulnerabil(opens in a new tab)
- SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exp(opens in a new tab)
- CISA adds SharePoint flaw to known exploited vulnerabilities lis(opens in a new tab)
- CISA Warns of Actively Exploited Microsoft SharePoint Vulnerabil(opens in a new tab)
// Get alerts for Microsoft Azure