CISA Adds SharePoint RCE Vulnerability CVE-2026-45659 to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a significant remote code execution (RCE) vulnerability affecting Microsoft SharePoint Server in its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation. Identified as CVE-2026-45659, this flaw carries a CVSS score of 8.8, indicating high severity.

The vulnerability arises from the deserialization of untrusted data within Microsoft Office SharePoint, enabling authenticated attackers to execute arbitrary code over a network. Microsoft addressed this issue in May 2026, releasing patches for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.

Notably, exploitation of this vulnerability does not require administrative privileges. An attacker with minimal Site Member permissions can leverage this flaw to execute code remotely on the SharePoint Server. This low barrier to exploitation underscores the critical need for prompt remediation.

In response to the active exploitation, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the necessary fixes by July 4, 2026. While specific details regarding the exploitation methods, responsible parties, and objectives remain undisclosed, the inclusion of CVE-2026-45659 in the KEV catalog highlights the urgency of addressing this security risk.

Organizations utilizing affected versions of SharePoint Server are strongly advised to implement the available patches without delay. Given the potential for unauthorized code execution and the associated risks to data integrity and system availability, timely action is essential to mitigate potential threats.

In the broader context, this development serves as a reminder of the persistent challenges in securing widely used enterprise applications. The exploitation of CVE-2026-45659 underscores the importance of proactive vulnerability management and the need for organizations to stay vigilant against emerging threats. As attackers continue to exploit known vulnerabilities, maintaining up-to-date systems and adhering to best security practices remain paramount in safeguarding organizational assets.