// NEXUSVOID CYBER NEWS
Critical
Microsoft, SharePoint, KEV, RCE, actively exploited
SharePoint RCE CVE-2026-45659 Is Being Actively Exploited - CISA Says Patch Now
CISA added CVE-2026-45659, a remote code execution flaw in Microsoft SharePoint Server (CVSS 8.8), to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. If you run on-prem SharePoint, this is now a patch-today situation.
BRIEFING · Fast coverage. Original reporting credited below.
What happened: CISA added CVE-2026-45659, a remote code execution vulnerability in Microsoft SharePoint Server rated CVSS 8.8, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation, as reported by The Hacker News.
Why it matters: A KEV listing is not an advisory formality - it means exploitation is confirmed in the wild, and US federal agencies are now on a mandatory remediation clock. SharePoint servers sit deep inside corporate networks and hold exactly the documents attackers want. Our analysis of 2025 KEV data found the median gap between disclosure and confirmed exploitation is 26 days - and anything on an annual or quarterly testing cycle will simply never check for this before attackers do.
What to do now:
- Apply Microsoft's patch for CVE-2026-45659 to all on-premises SharePoint servers immediately.
- If you cannot patch today, restrict SharePoint's exposure to the internet and monitor for anomalous web shell activity.
- Check whether your SharePoint servers were already exposed: KEV listings typically lag first exploitation, so assume the window opened before the headline.
- If you use SharePoint Online (Microsoft 365), this on-prem CVE does not apply to you.
Sources: The Hacker News · CISA KEV catalog