cybersecurity
CISA says Sharepoint bug CVE-2026-45659 is being exploited in the wild.
A remote code execution flaw in Microsoft's SharePoint servers is being exploited in the wild.
US cybersecurity agency CISA has told federal organisations they must patch by Saturday, July 4. Happy Independence day.
The RCE vulnerability has a CVSS score of 8.8 and was added to the Known Exploited Vulnerability catalogue on Thursday, July 1.
Microsoft released a patch for CVE-2026-45659, which is described as a "deserialization of untrusted data in Microsoft Office SharePoint" on May 21. Per Redmond's advisory, an attacker can achieve remote code execution via network access. The vulnerability has low attack complexity, low privileges required, and needs no user interaction.
Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.
Already a member? Sign in