Active Exploitation of CVE-2026-45659 in Microsoft SharePoint
Successful exploitation of CVE-2026-45659 could allow an authorised attacker to achieve remote code execution on SharePoint servers via authenticated network access
Summary
Successful exploitation of CVE-2026-45659 could allow an authorised attacker to achieve remote code execution on SharePoint servers via authenticated network access
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2026-45659
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-45659 to its Known Exploited Vulnerabilities (KEV) Catalog.
The NHS England National CSOC assesses further exploitation as highly likely.
Introduction
Microsoft has released security updates to address a high severity vulnerability in SharePoint Server. Successful exploitation of CVE-2026-45659 could allow an authorised attacker to achieve remote code execution on SharePoint servers via authenticated network access.
- CVE-2026-45659 - Deserialisation of Untrusted Data vulnerability - CVSS v3.1 score - 8.8
Remediation advice
Affected organisations are encouraged to review Microsoft's Security Update Guide - CVE-2026-45659 advisory and apply the relevant update as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 2 July 2026 1:50 pm