The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert concerning the active exploitation of a critical vulnerability in Microsoft SharePoint Server. This announcement was made on Wednesday, underscoring the urgency of the situation.
Details of the Vulnerability
Identified as a deserialization-of-untrusted-data flaw, this security issue allows authenticated attackers to execute arbitrary code on affected SharePoint servers. Tracked as CVE-2026-45659, the vulnerability carries a high severity rating with a CVSS score of 8.8. Microsoft addressed it with an emergency security update released in late May.
According to Microsoft, the vulnerability can be exploited by attackers holding at least Site Member permissions, with no elevated access required. The company also noted that exploitation is low in complexity: attackers do not need deep technical knowledge of the system to carry out attacks successfully and repeatedly.
Impacted SharePoint Versions
The affected versions include SharePoint Server Subscription Edition, SharePoint Server 2019, SharePoint Server 2016, and SharePoint Enterprise Server 2016. Microsoft has urged customers to apply the security updates it has provided in order to mitigate the risk.
As part of its efforts to manage security vulnerabilities, CISA has added this particular flaw, CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have been instructed to patch the vulnerability within three days, following the directives of Binding Operational Directive (BOD) 26-04.
Recommendations and Broader Context
While CISA has not disclosed specifics about observed attacks exploiting this vulnerability, it is crucial for all organizations to implement Microsoft’s security patches promptly. SharePoint is a critical component for document sharing and collaboration within numerous enterprises, making it a frequent target for attackers.
This alert follows earlier incidents in which Microsoft patched a zero-day vulnerability in SharePoint in April, and another actively targeted flaw in March. These incidents highlight the ongoing challenge of securing widely used enterprise software.
Related security updates include Adobe addressing critical vulnerabilities in ColdFusion and Campaign Classic, Citrix patching NetScaler vulnerabilities, and Apple and Google releasing updates for multiple products.
