Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability in Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This vulnerability, tracked as CVE-2026-45659, poses significant risks due to remote code execution from deserialization of untrusted data. Organizations running affected versions are urged to apply fixes by July 4, 2026, and should remain vigilant in addressing emerging threats.
Microsoft SharePoint Server has a high-severity vulnerability (CVE-2026-45659) that allows an authenticated attacker to execute malicious code remotely. The vulnerability can be exploited by an attacker with minimal permissions, such as Site Member, without requiring admin or elevated privileges. Organizations running affected versions are urged to apply fixes by July 4, 2026, as a precautionary measure. A recent ransomware investigation revealed two distinct attackers operating within the same network, using parallel techniques to establish persistent access and obscure incident response efforts.
The cybersecurity landscape continues to evolve, and recent events highlight the importance of staying vigilant against emerging threats. In this article, we will delve into a high-severity vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-45659, which has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The vulnerability, classified under remote code execution due to deserialization of untrusted data, allows an authenticated attacker to execute malicious code on a SharePoint Server without requiring admin or elevated privileges. This level of access enables attackers to potentially launch sophisticated attacks within the network, underscoring the significance of this newly disclosed flaw.
According to Microsoft, the issue was addressed in May 2026 for specific versions of SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. However, given its high-severity classification, organizations running these versions are urged to apply the fixes by July 4, 2026, as a precautionary measure.
The addition of this vulnerability to CISA's KEV catalog signifies evidence of active exploitation, underscoring the need for swift action. The attack vector is such that any authenticated attacker with minimal permissions, specifically Site Member, could leverage it to execute malicious code on the SharePoint Server remotely. This capability amplifies the potential impact and makes mitigation more challenging.
The significance of this vulnerability cannot be overstated. It underscores the importance of continuous monitoring for emerging threats, robust incident response strategies, and timely patching to prevent exploitation. In this era where sophisticated attacks are increasingly prevalent, staying informed about newly disclosed vulnerabilities is paramount.
A separate, but related development, involves a recent ransomware investigation by Microsoft. The investigation revealed two distinct attackers operating within the same network, employing parallel techniques to establish persistent access and obscure incident response efforts. One set of attacks was attributed to Storm-2603, a threat actor known for deploying Warlock ransomware, often by exploiting vulnerabilities in on-premises SharePoint servers since mid-2025.
The attack involved initial access through separate vulnerabilities, including CVE-2025-11371, followed by deployment of malicious tools like Velociraptor. The attackers used Cloudflare tunneling, Zoho Assist, and Secure Shell (SSH) connections configured through Visual Studio Code to establish multiple remote access channels. Furthermore, they escalated privileges by creating new local and domain administrator accounts, exploiting a vulnerable driver.
The parallel nature of these attacks, involving two distinct threat actors operating simultaneously within the same network, highlights the complexity and interconnectedness of modern cybersecurity threats. This underscores the need for comprehensive security strategies that address both known and unknown threats.
In light of this information, organizations must remain vigilant and proactive in addressing emerging vulnerabilities like CVE-2026-45659. Continuous monitoring for new threats, timely patching, and robust incident response strategies are crucial to mitigate potential impacts.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsoft-SharePoint-Server-RCE-Vulnerability-CVE-2026-45659-A-High-Severity-Threat-to-Enterprise-Security-ehn.shtml
https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html
https://windowsforum.com/threads/cve-2026-45659-kev-patch-the-sharepoint-deserialization-rce-fast.433069/
Published: Thu Jul 2 01:40:07 2026 by llama3.2 3B Q4_K_M