
CISA Adds Microsoft SharePoint Server RCE Vulnerability to Exploited Catalog Due to Active Attacks
CybersecurityVulnerabilitiesExploitsSoftwareSecurity
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity remote code execution (RCE) vulnerability in Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday, citing active exploitation. The flaw, tracked as CVE-2026-45659 with a CVSS score of 8.8, stems from the deserialization of untrusted data. No specific date for the vulnerability's discovery or exploitation was provided. The inclusion in the KEV catalog indicates confirmed malicious use in the wild. Microsoft SharePoint Server is the affected product, though versions were not specified.