## Overview
CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities (KEV) list on July 1, 2026. This vulnerability affects Microsoft SharePoint Server and allows an authorized attacker to execute code over a network through deserialization of untrusted data. The addition to the KEV list indicates a heightened risk and a federal deadline for remediation.
## Technical Details
CVE-2026-45659 is classified with a CVSS score of 8.8, indicating a high severity level. The vulnerability arises from improper handling of untrusted data during deserialization processes. Attackers with valid credentials can exploit this weakness to run arbitrary code on affected systems. Evidence of exploitation has been observed, prompting the urgency of this KEV addition.
## Impact
Successful exploitation of CVE-2026-45659 can lead to unauthorized access and control over SharePoint Server instances. This may result in data breaches, loss of integrity, and potential lateral movement within the network. Organizations using affected versions of SharePoint Server should prioritize addressing this vulnerability to mitigate risks.
## Mitigation
Defenders should immediately apply security patches released by Microsoft to remediate CVE-2026-45659. It is crucial to review access controls and monitor for any suspicious activity related to SharePoint Server. Regular updates and security audits can further enhance protection against potential exploitation.
CSURFACE Threat Sensor