SharePoint RCE CVE-2026-45659 Added to CISA KEV Catalog Amid Active Exploitation
Microsoft SharePoint Server deserialization flaw CVE-2026-45659 (CVSS 8.8) added to CISA's Known Exploited Vulnerabilities catalog; FCEB agencies ordered to patch by July 4, 2026.
Attack Brief
TargetMicrosoft SharePoint ServerVectorDeserialization of untrusted data leading to remote code executionAttributionunattributed
Technical Details
CVE IDsCVE-2026-45659CVE-2025-11371MITRE ATT&CKT1190AffectedSharePoint Server Subscription Edition, SharePoint Server 2019, SharePoint Enterprise Server 2016
Impact
SectorsFederal Civilian Executive BranchConfirmed DamageActive exploitation confirmed; remote code execution capability
Mitigation
PatchesMicrosoft security update released May 2026
Context
Previous CampaignsStorm-2603 threat actor has exploited on-premises SharePoint vulnerabilities since mid-2025, deploying Warlock ransomware; parallel intrusion activity uncovered June 2026 involving Velociraptor DFIR tool abuse, Cloudflare tunneling, Zoho Assist, and SSH access via Visual Studio Code
Source
https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.htmlby The Hacker Newson 2026-07-02T00:00:00Z2 sources