// NEXUSVOID CYBER NEWS

<- ALL CYBER NEWS

Critical

Microsoft, SharePoint, KEV, RCE, actively exploited

SharePoint RCE CVE-2026-45659 Is Being Actively Exploited - CISA Says Patch Now

CISA added CVE-2026-45659, a remote code execution flaw in Microsoft SharePoint Server (CVSS 8.8), to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. If you run on-prem SharePoint, this is now a patch-today situation.

BRIEFING · Fast coverage. Original reporting credited below.

What happened: CISA added CVE-2026-45659, a remote code execution vulnerability in Microsoft SharePoint Server rated CVSS 8.8, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation, as reported by The Hacker News.

Why it matters: A KEV listing is not an advisory formality - it means exploitation is confirmed in the wild, and US federal agencies are now on a mandatory remediation clock. SharePoint servers sit deep inside corporate networks and hold exactly the documents attackers want. Our analysis of 2025 KEV data found the median gap between disclosure and confirmed exploitation is 26 days - and anything on an annual or quarterly testing cycle will simply never check for this before attackers do.

What to do now:

  • Apply Microsoft's patch for CVE-2026-45659 to all on-premises SharePoint servers immediately

  • If you cannot patch today, restrict SharePoint's exposure to the internet and monitor for anomalous web shell activity

  • Check whether your SharePoint servers were already exposed: KEV listings typically lag first exploitation, so assume the window opened before the headline

  • If you use SharePoint Online (Microsoft 365), this on-prem CVE does not apply to you

Sources: The Hacker News · CISA KEV catalog

Liked this briefing? Share it:

More briefings

Related posts appear on the live page
Get the briefings first
Breaking security news, verified fast, with the one fact the headlines skip. No spam - unsubscribe anytime.