⚡ Active KEV CVE-2026-45659 2026-07-01

Microsoft SharePoint Server Deserialization Flaw (CVE-2026-45659) Added to CISA KEV

CVE-2026-45659 is a deserialization of untrusted data vulnerability in Microsoft SharePoint Server that lets an authorized attacker execute code over a network, now confirmed as actively exploited by CISA.

What Is It

CVE-2026-45659 is a deserialization of untrusted data weakness (CWE-502) in Microsoft Office SharePoint. According to Microsoft and NVD, it allows an authorized attacker to execute code over a network. The flaw carries a CVSS 3.1 base score of 8.8 (HIGH), with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, low privileges required, no user interaction, and high impact to confidentiality, integrity, and availability.

Why It Matters

CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog on 2026-07-01, and NVD's SSVC assessment marks exploitation status as "active" with a technical impact of "total." Because the vulnerability enables network-based code execution against SharePoint, a widely deployed collaboration platform, confirmed active exploitation makes it a priority for remediation. Known ransomware campaign use is currently listed as Unknown.

What's Vulnerable

The following Microsoft products (x64-based systems) are affected:

Patch Status

CISA's required action is to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA's BOD 26-04 (Prioritizing Security Updates Based on Risk) guidance and CISA's "Forensics Triage Requirements." For cloud services, follow applicable BOD 26-04 guidance, or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and adhering to BOD 26-04 patching guidelines. The remediation due date is 2026-07-04. Refer to the Microsoft advisory for update details.

Sources