logo

CISA warns admins to patch actively exploited SharePoint flaws

ID: f9c3b041-3c08-5237-8caf-25627eeae514

STIX ID: report--f9c3b041-3c08-5237-8caf-25627eeae514

Feed Name: Bleeping Computer

Threat Score
78/100

Date Published: 2026-07-15

Date Updated: 2026-07-15

Author: Sergiu Gatlan

...
...

CISA warns that attackers are actively exploiting three critical SharePoint Server vulnerabilities (CVE-2026-32201, CVE-2026-45659, CVE-2026-56164) enabling authentication bypass, remote code execution, and post-exploitation actions such as stealing IIS machine keys and establishing persistence. The advisory notes thousands of Internet-exposed SharePoint instances (Shadowserver: ~10,000) with hundreds unpatched, adds the flaws to CISA's Known Exploited Vulnerabilities Catalog, and urges immediate patching, monitoring, AMSI/MDAV use, access restrictions, and other hardening steps; federal agencies were given a remediation deadline under BOD 26-04.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.