The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability in Microsoft SharePoint Server that is being exploited by threat actors. The flaw, tracked as CVE-2026-45659, is a deserialization-of-untrusted-data bug that lets an authenticated attacker execute arbitrary code on a vulnerable SharePoint Server installation. It carries a CVSS score of 8.8 (High) and was fixed by Microsoft in an out-of-band security update released in late May.

Exploitation requires only low privileges: an account with Site Member permissions is enough, so any compromised, over-provisioned or guest account that has been added to a site's Members group is a viable starting point. Microsoft also notes that an attacker needs no special prior knowledge of the target environment and no unusual preconditions, which means a working exploit can be reused against any unpatched instance. The affected products are SharePoint Server Subscription Edition, SharePoint Server 2019, SharePoint Server 2016 and SharePoint Enterprise Server 2016.

CISA has added CVE-2026-45659 to its Known Exploited Vulnerabilities (KEV) catalog and, under Binding Operational Directive 26-04, has given federal agencies three days to patch. CISA has not published details of the attacks it has seen, but a KEV listing is only made on evidence of active exploitation, so the short deadline should be read as confirmation that the bug is being used in the wild rather than as a precaution.

Organizations running any of the affected editions are strongly advised to apply Microsoft's update promptly and to confirm that it actually took effect on every server in the farm. SharePoint is central to enterprise document sharing and collaboration, which keeps it a frequent target. Microsoft has addressed several other SharePoint vulnerabilities recently, so administrators should treat this as one item in an ongoing patch cadence rather than a one-off.
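As an added example (not from CISA, Microsoft or the original article), the following PowerShell reports whether a SharePoint server is at or above a given patched build. The fixed build number for CVE-2026-45659 is not stated on this page, so it is taken as a mandatory parameter the administrator fills in from Microsoft's advisory. The script checks two things a practitioner wants to see: the version of the installed Microsoft.SharePoint.dll, which changes as soon as the update is installed, and the farm build recorded by Get-SPFarm, which only advances after the configuration wizard (psconfig) has completed. A server where the binary is newer than the farm build has the patch installed but the upgrade step still pending.

```powershell
# Added example; not part of Microsoft's or CISA's guidance.
# Run in an elevated SharePoint Management Shell on each server in the farm.
param(
    # Minimum build that contains the fix. Assumption/placeholder: supply the
    # value from Microsoft's advisory for CVE-2026-45659; it is not on the page.
    [Parameter(Mandatory = $true)][version]$PatchedBuild
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# Farm-level build: only updated once psconfig has run after the patch.
$farmBuild = (Get-SPFarm).BuildVersion

# Binary-level build from the 16 hive (SharePoint 2016, 2019 and
# Subscription Edition all install under the "16" directory).
$hive = Join-Path $env:CommonProgramFiles 'microsoft shared\Web Server Extensions\16'
$dll  = Join-Path $hive 'ISAPI\Microsoft.SharePoint.dll'
$fileBuild = [version](Get-Item $dll -ErrorAction Stop).VersionInfo.FileVersion

[pscustomobject]@{
    Server          = $env:COMPUTERNAME
    FarmBuild       = $farmBuild
    BinaryBuild     = $fileBuild
    BinaryPatched   = ($fileBuild -ge $PatchedBuild)   # update binaries present
    PsconfigPending = ($fileBuild -gt $farmBuild)      # patch installed, wizard not run
    FarmPatched     = ($farmBuild -ge $PatchedBuild)   # fully applied farm-wide
}
```

Run it on every server rather than once, because the binary check is local to the machine while the farm build is shared; a single stale server still leaves an exploitable endpoint behind the load balancer.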