• Category: Security
  • Status: confirmed
  • Sources: MSRC advisory, CISA KEV, NVD, Help Net Security
  • Summary: CISA added CVE-2026-45659 to the Known Exploited Vulnerabilities catalog on 2026-07-01 (catalog version 2026.07.01, count 1631), confirming active exploitation. The flaw is a CWE-502 deserialization of untrusted data in on-premises SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, CVSS 8.8, network-reachable with low attack complexity and no user interaction. An attacker with Site Member permissions can execute code on the server. Microsoft patched it in the May 2026 Patch Tuesday (KB5002863, KB5002870, KB5002868).
  • Why it matters: SharePoint is widely deployed enterprise infrastructure, and the federal remediation deadline is 2026-07-04, so unpatched on-premises servers need immediate attention.
  • Follow-up: Watch for confirmed RCE chains, ransomware follow-on (KEV lists ransomware use as unknown), and internet-exposure scans.

Send feedback on this story