CISA adds actively exploited SharePoint RCE flaw to KEV catalog after Microsoft downplayed risk
By
Published thu 2 Jul 2026 // 15:40 UTC
Summary
CISA has added CVE-2026-45659, a remote code execution vulnerability in on-premises Microsoft SharePoint Server, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild. The flaw, stemming from an insecure deserialization issue, affects SharePoint Server Subscription Edition, 2019, and 2016. This contradicts Microsoft's earlier assessment that exploitation was 'less likely.' Attackers need only a valid SharePoint account to execute code on vulnerable on-premises servers.
Source
Key quotes
· 3 pulledMicrosoft's prediction that attackers probably wouldn't rush to exploit a newly-patched SharePoint bug hasn't aged especially well.
CISA has added CVE-2026-45659, a remote code execution flaw in on-premises Microsoft SharePoint Server, to its Known Exploited Vulnerabilities (KEV) catalog after confirming that crimes are now actively exploiting it in the wild.
Attackers need little more than a valid SharePoint account to execute code on vulnerable on-prem servers
You might also wanna read
Critical Security Vulnerability in React Server Components (CVE-2025-55182) Allows Remote Code Execution
The React team disclosed a critical security vulnerability (CVE-2025-55182) rated CVSS 10.0 that allows unauthenticated remote code executio
Critical Security Vulnerability CVE-2025-66478 in React Server Components Protocol
A critical security vulnerability (CVE-2025-66478) has been discovered in the React Server Components (RSC) protocol with a CVSS score of 10
Critical Redis Security Vulnerability CVE-2025-49844 Allows Remote Code Execution
Redis has identified and fixed a critical security vulnerability (CVE-2025-49844) that allows authenticated users to execute remote code thr
Critical React Vulnerability (CVE-2025-55182) Enables Remote Code Execution in React 19 and Next.js
A critical security vulnerability (CVE-2025-55182) has been discovered in React Server Components' 'Flight' protocol, affecting React 19 and
CVE-2026-45185 (Dead.Letter): Unauthenticated RCE in Exim Discovered by XBOW
XBOW discovered CVE-2026-45185, a critical unauthenticated remote code execution vulnerability in Exim mail server. The article details the
Critical RCE vulnerability CVE-2026-3854 discovered in GitHub's internal git infrastructure
Wiz Research discovered a critical vulnerability (CVE-2026-3854) in GitHub's internal git infrastructure affecting both GitHub.com and GitHu

Comments
Sign in to join the conversation.
No comments yet. Be the first.