SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

A Critical SharePoint Vulnerability Has Been Actively Exploited, Leaving Thousands of Organizations Exposed

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability, CVE-2026-45659, to its Known Exploitable Vulnerabilities catalog. This remote code execution (RCE) flaw affects SharePoint, a widely used collaboration platform, and has already been exploited by attackers in the wild.

The vulnerability was discovered through an AI-powered security tool that analyzed network traffic patterns and identified potential weaknesses in popular software applications. The AI model used machine learning algorithms to simulate attacks on various systems, including SharePoint, and uncovered this critical RCE flaw. The research team subsequently reported their findings to Microsoft, which issued a patch to address the issue.

The CVE-2026-45659 vulnerability is particularly concerning due to its ease of exploitation and potential impact on organizations that rely heavily on SharePoint for collaboration and document management. Attackers can exploit this flaw by sending a specially crafted URL to an affected SharePoint server, allowing them to execute arbitrary code with elevated privileges. This could lead to data breaches, system compromise, or even ransomware attacks.

Microsoft has released patches for various versions of SharePoint, including SharePoint Server 2019, SharePoint Online, and SharePoint Foundation 2013. However, the fact that this vulnerability has already been exploited by attackers suggests that some organizations may not have applied the necessary updates in a timely manner. Given the widespread use of SharePoint across industries, it’s essential for IT administrators to ensure their systems are up-to-date with the latest security patches.

The inclusion of CVE-2026-45659 in CISA’s Known Exploitable Vulnerabilities catalog serves as a warning to organizations that have not yet patched this vulnerability. The agency’s KEV catalog is designed to provide a centralized resource for identifying and prioritizing vulnerabilities based on their exploitability and potential impact. By acknowledging the existence of this vulnerability, CISA is urging organizations to take immediate action to protect themselves against potential attacks.

To safeguard your organization against software vulnerabilities discovered by AI models like this one, consider implementing the following best practices: regularly update software applications with the latest security patches, use a robust vulnerability scanning tool to identify potential weaknesses, and train your IT staff on the importance of patch management and vulnerability remediation. By taking proactive steps to address vulnerabilities, you can reduce the risk of a successful attack and protect your organization’s sensitive data.


Source: The Hacker News — 2026-07-02