CISA Flags SharePoint RCE (CVE-2026-45659) for Active Exploitation
ID: c0f8fb28-81f6-5dda-9f44-1decef962ec8
STIX ID: report--c0f8fb28-81f6-5dda-9f44-1decef962ec8
Feed Name: SOCRadar Blog
Threat Score
# Executive summary: CISA flagged CVE-2026-45659 for active exploitation; it is an on‑prem SharePoint deserialization RCE (CVSS 8.8). Organizations must patch affected SharePoint Server builds by the CISA due date, verify farm-wide consistency, restrict Site Member access and external sharing, and increase behavior-based monitoring for IIS/SharePoint anomalies.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
