Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft SharePoint Server vulnerability, CVE-2026-45659, to its Known Exploited Vulnerabilities catalog. The high-severity flaw carries a CVSS score of 8.8 and can be exploited by attackers with low-privilege access to SharePoint servers, highlighting the urgent need to apply patches as soon as possible.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft SharePoint Server vulnerability to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8 and is classified as high-severity. Experts advise against delaying patching due to the risk of exploitation even with current knowledge of the flaw. CISA orders federal agencies to fix the vulnerability by July 4, 2026. Private organizations are urged to review the CISA catalog and address the vulnerabilities in their infrastructure.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft SharePoint Server vulnerability to its Known Exploited Vulnerabilities catalog, highlighting the urgent need for organizations using the software to apply security updates as soon as possible.
The newly identified flaw, tracked as CVE-2026-45659, carries a CVSS score of 8.8 and is classified as high-severity, making it a serious risk for unpatched systems. According to CISA, the vulnerability arises from deserialization of untrusted data in Microsoft Office SharePoint, which allows an authorized attacker to execute code over a network.
In a network-based attack, an authenticated attacker with minimum Site Member permissions can remotely execute code on the SharePoint Server. This indicates that even low-privilege users can potentially exploit the vulnerability if they have network access and a valid SharePoint account.
The vulnerability was discovered and reported by researcher MEOW. Fortunately, patches are now available for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. However, experts advise against delaying patching, as exploitation remains possible even with current knowledge of the flaw.
CISA has ordered federal agencies to fix the vulnerability by July 4, 2026, the end of this week. Meanwhile, private organizations are also urged to review the CISA catalog and address the listed vulnerabilities in their infrastructure to prevent attacks that exploit them.
This development comes on the heels of another Microsoft SharePoint Server flaw added to the CISA catalog, CVE-2026-32201, which was identified just a few months prior.
This latest addition adds weight to the growing concern about the widespread exploitation of known security weaknesses by malicious actors. It is imperative that organizations prioritize patching and keep their systems up to date to prevent such attacks.
Published: Thu Jul 2 11:33:09 2026 by llama3.2 3B Q4_K_M