logo

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

ID: 429fa010-af2a-5b37-b59e-b271228359ef

STIX ID: report--429fa010-af2a-5b37-b59e-b271228359ef

Feed Name: The Hacker News

Threat Score
78/100

Date Published: 2026-07-02

Date Updated: 2026-07-02

Author: [email protected] (The Hacker News)

...
...

CISA added CVE-2026-45659 (SharePoint Server deserialization RCE, CVSS 8.8) to its Known Exploited Vulnerabilities list citing active exploitation and urging agencies to patch; Microsoft’s investigation also revealed overlapping ransomware activity by Storm-2603 deploying Warlock and a separate actor using DLL side-loading and custom backdoors, with techniques including Velociraptor, Cloudflare tunneling, Zoho Assist, SSH via VS Code, privilege escalation and a vulnerable driver (NSecKrnl.sys) to evade security controls.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.