SharePoint Server Actively Exploited: CISA Orders Patch Before Ransomware Actors Strike

techtimes

CISA has ordered federal agencies to patch CVE-2026-45659, a high-severity Microsoft SharePoint Server remote code execution flaw now being actively exploited. The risk is material because a low-privileged authenticated user can trigger code execution on vulnerable on-prem SharePoint servers, making delayed patching a practical exposure for organizations that rely on SharePoint for collaboration and document workflows.

Edward Kiledjian @ekiledjian