🔴 Critical | Source: The Hacker News
A high-severity remote code execution vulnerability in Microsoft SharePoint Server (CVE-2026-45659, CVSS 8.8) has been added to CISA’s Known Exploited Vulnerabilities catalogue following confirmed active exploitation in the wild. The flaw stems from insecure deserialisation of untrusted data, a class of bug that allows attackers to execute arbitrary code on affected servers. SharePoint’s widespread use in enterprise environments makes this a significant risk for organisations that have not yet patched.
Security Architect’s Take: Prioritise patching all internet-facing and internally accessible SharePoint Server instances immediately, treating the CISA KEV listing as a hard deadline trigger. US federal agencies must comply within CISA’s binding deadline, but all organisations should treat this with equivalent urgency. Additionally, review network segmentation to ensure SharePoint servers cannot be reached directly from untrusted networks, and check WAF or reverse-proxy rules for deserialisation-based attack patterns as a temporary mitigating control.
Original advisory: SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation