SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
CISA added CVE-2026-45659, a high-severity Microsoft SharePoint Server remote code execution flaw, to its Known Exploited Vulnerabilities catalog after finding evidence of active exploitation. Microsoft also reported overlapping attack activity involving Storm-2603, Warlock ransomware, and a separate threat actor using stealthy persistence and lateral movement techniques. #CVE-2026-45659 #MicrosoftSharePointServer #Storm-2603 #Warlock #GladinetTriofox

Keypoints

  • CISA added CVE-2026-45659 to the KEV catalog due to active exploitation.
  • The flaw affects Microsoft SharePoint Server and can enable remote code execution.
  • Microsoft fixed the issue in May 2026 for SharePoint Server 2016, 2019, and Subscription Edition.
  • Federal Civilian Executive Branch agencies must apply the patch by July 4, 2026.
  • Microsoft found parallel attacker activity, including Storm-2603, Warlock ransomware, and a second hidden threat actor.

Read More: https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html