CISA added CVE-2026-45659, a high-severity Microsoft SharePoint Server remote code execution flaw, to its Known Exploited Vulnerabilities catalog after finding evidence of active exploitation. Microsoft also reported overlapping attack activity involving Storm-2603, Warlock ransomware, and a separate threat actor using stealthy persistence and lateral movement techniques. #CVE-2026-45659 #MicrosoftSharePointServer #Storm-2603 #Warlock #GladinetTriofox
Keypoints
- CISA added CVE-2026-45659 to the KEV catalog due to active exploitation.
- The flaw affects Microsoft SharePoint Server and can enable remote code execution.
- Microsoft fixed the issue in May 2026 for SharePoint Server 2016, 2019, and Subscription Edition.
- Federal Civilian Executive Branch agencies must apply the patch by July 4, 2026.
- Microsoft found parallel attacker activity, including Storm-2603, Warlock ransomware, and a second hidden threat actor.
Read More: https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html