CISA has flagged a Microsoft SharePoint flaw as actively exploited, and the real story for defenders is how quickly on-prem patching can become an exposure crisis.
A May Microsoft fix has already become a live defensive problem, with public vulnerability records pointing to a high-severity SharePoint server flaw now under attack.
A new KEV entry for a Microsoft SharePoint Server vulnerability shifts the issue from routine patching to urgent exposure control for on-prem defenders.
CISA’s addition of CVE-2026-45659 to its exploited-vulnerability catalog puts Microsoft SharePoint Server operators on a short clock, with deserialization risk now treated as an active threat rather than a routine patch item.
CISA’s move puts CVE-2026-45659 in the exploited-in-the-wild bucket, turning an on-premises SharePoint flaw into an urgent patch and hunt problem.
CVE-2026-45659 puts Microsoft SharePoint Server back in the spotlight, with a flaw that can let an authorized attacker push code over the network and force defenders to think beyond patching alone.
Microsoft has pushed out a fix for CVE-2026-45659, an important-severity SharePoint server flaw tied to unsafe deserialization and a CVSS 8.8 score.
CVE-2026-45659 shows how a network-reachable flaw in a trusted collaboration platform can turn routine access into a serious server-side risk.
Despite urgent warnings, hundreds of organizations are exposing critical business data to active cyber threats by failing to patch a dangerous SharePoint vulnerability.