Security agencies urge organizations to apply Microsoft's fixes for an exploited on-premises SharePoint server vulnerability.
Key Takeaways:
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors are actively exploiting a high-severity vulnerability in Microsoft SharePoint. Organizations running affected SharePoint deployments should prioritize applying Microsoft’s security updates as soon as possible to prevent potential server compromise.
CVE-2026-45659 is a high-severity remote code execution (RCE) vulnerability affecting on-premises Microsoft SharePoint Server. The flaw is caused by the insecure deserialization of untrusted data, which means SharePoint can improperly process specially crafted data supplied by an authenticated user. An attacker with only basic SharePoint permissions (such as a standard Site Member account) can exploit this weakness to run arbitrary code on the target server without requiring administrator privileges.
“The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component,” Microsoft explained.
This critical vulnerability carries a CVSS score of 8.8, and it affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Microsoft released security updates to address this SharePoint flaw on May 21.
CISA has recently added this vulnerability to its Known Exploited Vulnerabilities Catalog (KEV). The agency has been ordered to follow Binding Operational Directive 26-04 by applying Microsoft’s fixes until July 4.
Earlier this year, Microsoft warned that more than 1,300 internet-facing SharePoint servers remain exposed to the CVE-2026-32201 vulnerability. The flaw allows remote threat actors to impersonate trusted users or services, which potentially leads to unauthorized access and manipulation of sensitive business data.