tlder@devPatch by July 4: SharePoint RCE CVE-2026-45659 Under Active Exploitation
tlder@dev:~$
Security/CVEs/Advisories

Patch by July 4: SharePoint RCE CVE-2026-45659 Under Active Exploitation

  • Deadline
  • Action required
  • High importance

Any user with Site Member permissions can trigger this one over the network — no admin rights required. The deserialization flaw in SharePoint Server earned an 8.8 CVSS score, and active exploitation was confirmed before CISA added it to the KEV catalog. SharePoint has been a persistent target — Storm-2603 previously used footholds in the platform to deploy Warlock ransomware, and deserialization paths keep surfacing as the attack vector. FCEB agencies have until July 4 to patch. If your organization follows CISA KEV timelines voluntarily — or if SharePoint is internet-exposed — that deadline applies in practice regardless of agency status. Prioritize patching over the holiday window rather than letting it slip to Monday.