CVE-2026-45659 is a deserialization of untrusted data vulnerability in Microsoft SharePoint Server that lets an authorized attacker execute code over a network. CISA has now confirmed it as actively exploited.
What Is It
CVE-2026-45659 is a deserialization of untrusted data weakness (CWE-502) in Microsoft Office SharePoint. According to Microsoft and NVD, it allows an authorized attacker to execute code over a network. The flaw carries a CVSS 3.1 base score of 8.8 (HIGH), with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which decodes to: network attack vector, low complexity, low privileges required, no user interaction, and high impact to confidentiality, integrity, and availability.
Why It Matters
CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog on 2026-07-01, and NVD's SSVC assessment marks exploitation status as "active" with a technical impact of "total." Because the vulnerability enables network-based code execution against SharePoint, a widely deployed collaboration platform, confirmed active exploitation makes it a priority for remediation. Known ransomware campaign use is currently listed as Unknown.
What's Vulnerable
The following Microsoft products (x64-based systems) are affected:
- Microsoft SharePoint Enterprise Server 2016; versions before 16.0.5552.1002
- Microsoft SharePoint Server 2019; versions before 16.0.10417.20128
- Microsoft SharePoint Server Subscription Edition; versions before 16.0.19725.20280
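All three products share the 16.0 major version, so a build number only means something when compared against the fixed build for its own product, and only as numbers rather than text. The following is an added example, not code from Microsoft or CISA; it assumes an inventory export of (host, product, installed build) rows, and the host names and sample builds are constructed.

```python
"""Triage a SharePoint inventory against the fixed builds for CVE-2026-45659."""

# Fixed builds per product, copied from the affected-versions list above.
FIXED_BUILDS = {
    "Microsoft SharePoint Enterprise Server 2016": (16, 0, 5552, 1002),
    "Microsoft SharePoint Server 2019": (16, 0, 10417, 20128),
    "Microsoft SharePoint Server Subscription Edition": (16, 0, 19725, 20280),
}


def parse_build(text):
    """Turn '16.0.10417.20128' into (16, 0, 10417, 20128); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def classify(product, build_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one server."""
    fixed = FIXED_BUILDS.get(product)
    if fixed is None:
        return "unknown"  # product is not in this advisory's list
    try:
        build = parse_build(build_text)
    except ValueError:
        return "unknown"  # unreadable data goes to manual review, not "patched"
    # Compare as integer tuples: as text, "16.0.10417..." sorts before "16.0.5552...".
    return "vulnerable" if build < fixed else "patched"


def triage(inventory):
    """Map each host to its status; inventory rows are (host, product, build)."""
    return {host: classify(product, build) for host, product, build in inventory}


# Constructed sample inventory (hypothetical hosts and builds, not from the advisory).
SAMPLE_INVENTORY = [
    ("sp16-a", "Microsoft SharePoint Enterprise Server 2016", "16.0.5552.1002"),
    ("sp19-a", "Microsoft SharePoint Server 2019", "16.0.10400.20000"),
    ("sp19-b", "Microsoft SharePoint Server 2019", "16.0.10417.20128"),
    ("spse-a", "Microsoft SharePoint Server Subscription Edition", "16.0.17928.20238"),
    ("spse-b", "Microsoft SharePoint Server Subscription Edition", "16.0.19725"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Note that `sp19-a` is numerically above the 2016 fixed build yet still vulnerable, which is why each row is checked against its own product's threshold.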
Patch Status
CISA's required action is to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA's BOD 26-04 (Prioritizing Security Updates Based on Risk) guidance and CISA's "Forensics Triage Requirements." For cloud services, follow applicable BOD 26-04 guidance, or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and adhering to BOD 26-04 patching guidelines. The remediation due date is 2026-07-04. Refer to the Microsoft advisory for update details.
Sources
- Microsoft Security Response Center; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659
- NVD; https://nvd.nist.gov/vuln/detail/CVE-2026-45659
- CISA Known Exploited Vulnerabilities Catalog; https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45659
- CISA BOD 26-04; https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk