Skip to main content

Active Exploitation of CVE-2026-45659 in Microsoft SharePoint

Successful exploitation of CVE-2026-45659 could allow an authorised attacker to achieve remote code execution on SharePoint servers via authenticated network access

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Successful exploitation of CVE-2026-45659 could allow an authorised attacker to achieve remote code execution on SharePoint servers via authenticated network access


Threat details

Exploitation of CVE-2026-45659

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-45659 to its Known Exploited Vulnerabilities (KEV) Catalog.

The NHS England National CSOC assesses further exploitation as highly likely.


Introduction

Microsoft has released security updates to address a high severity vulnerability in SharePoint Server. Successful exploitation of CVE-2026-45659 could allow an authorised attacker to achieve remote code execution on SharePoint servers via authenticated network access.

  • CVE-2026-45659 - Deserialisation of Untrusted Data vulnerability - CVSS v3.1 score - 8.8

Remediation advice

Affected organisations are encouraged to review Microsoft's Security Update Guide - CVE-2026-45659 advisory and apply the relevant update as soon as possible.



Last edited: 2 July 2026 1:50 pm