SharePoint RCE Vulnerability CVE-2026-45659 Added to CISA Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the remote code execution vulnerability CVE-2026-45659 affecting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog following evidence of ongoing attacks. The vulnerability stems from the unsafe deserialization of untrusted data and carries a CVSS severity score of 8.8.
What happened
On July 1, 2026, CISA publicly incorporated CVE-2026-45659, a critical vulnerability in Microsoft SharePoint Server, into its KEV catalog. This move signals confirmed active exploitation in the wild. The vulnerability enables remote code execution by allowing attackers to leverage deserialization of untrusted data within SharePoint environments. The issue could permit adversaries to execute arbitrary code remotely if successfully exploited.
Why it matters
The inclusion of this vulnerability in the KEV catalog underscores its exploitation threat and the necessity for immediate action to mitigate potential damage. Microsoft SharePoint is widely deployed in enterprise environments, making the exploitation of such a flaw particularly concerning for organizational security. Left unpatched, attackers could gain unauthorized control over vulnerable servers, potentially leading to data breaches and further network compromise.
What security teams should do
Security teams managing Microsoft SharePoint Server installations should prioritize reviewing their exposure to CVE-2026-45659 and apply any available security patches or mitigations released by Microsoft. Monitoring network activity for unusual behaviors or potential intrusion attempts related to SharePoint services is advisable. Organizations should also follow guidance from CISA and Microsoft regarding detection and response to exploitation attempts targeting this vulnerability.
Key technical details
CVE-2026-45659 is classified as a remote code execution vulnerability that arises from the deserialization of untrusted data within Microsoft SharePoint Server. Deserialization vulnerabilities occur when software processes serialized data without adequately validating input, allowing malicious data to alter program flow. The CVSS score of 8.8 denotes a high severity level, indicating significant impact potential and ease of exploit. Exploitation enables attackers to execute arbitrary code remotely, potentially gaining control over affected servers.
Affected organizations/products
The vulnerability specifically affects Microsoft SharePoint Server installations. No additional affected products or organizations have been publicly identified by CISA at this time.
Source attribution
https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html