Microsoft said exploitation was 'less likely' ... but CISA just added SharePoint RCE to KEV list
ID: 3f338ff4-32f1-50be-ae27-88a72ce12a97
STIX ID: report--3f338ff4-32f1-50be-ae27-88a72ce12a97
Feed Name: The Register (Security)
CVE-2026-45659 is an insecure-deserialization RCE affecting on-premises Microsoft SharePoint Server (Subscription Edition, 2019, and 2016) patched in May; CISA added it to its Known Exploited Vulnerabilities catalogue after confirming active exploitation. Microsoft notes an authenticated attacker with only Site Member permissions can remotely execute arbitrary code, the flaw has CVSS 8.8 and low attack complexity, and federal agencies were directed to apply fixes or discontinue affected systems by July 4.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
