{"id":14026,"date":"2026-07-02T10:03:40","date_gmt":"2026-07-02T10:03:40","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/07\/02\/cisa-warns-of-microsoft-sharepoint-server-code-execution-vulnerability-exploited-in-attacks\/"},"modified":"2026-07-02T10:03:40","modified_gmt":"2026-07-02T10:03:40","slug":"cisa-warns-of-microsoft-sharepoint-server-code-execution-vulnerability-exploited-in-attacks","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/07\/02\/cisa-warns-of-microsoft-sharepoint-server-code-execution-vulnerability-exploited-in-attacks\/","title":{"rendered":"CISA Warns of Microsoft SharePoint Server Code Execution Vulnerability Exploited in Attacks"},"content":{"rendered":"<p>    CISA Warns of Microsoft SharePoint Server Code Execution Vulnerability Exploited in Attacks<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">CISA has added a newly disclosed Microsoft SharePoint Server vulnerability, <a href=\"https:\/\/cybersecuritynews.com\/sharepoint-server-rce-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">tracked as CVE-2026-45659<\/a>, to its Known Exploited Vulnerabilities (KEV) Catalog, warning that the flaw is actively being exploited in real-world attacks.<\/p>\n<p class=\"wp-block-paragraph\">The vulnerability is a deserialization of untrusted data issue (CWE-502) that allows an authenticated attacker to execute arbitrary code remotely over the network.<\/p>\n<p class=\"wp-block-paragraph\">The flaw affects on-premises Microsoft SharePoint Server deployments. It poses a significant risk to enterprise environments that rely on SharePoint for collaboration and document management.<\/p>\n<p class=\"wp-block-paragraph\">According to CISA, the vulnerability enables attackers with valid access to craft<a href=\"https:\/\/cybersecuritynews.com\/vllm-vulnerability-enables-remote-code-execution\/\" target=\"_blank\" rel=\"noreferrer noopener\"> malicious serialized payloads<\/a> that are processed by the SharePoint server, ultimately leading to remote code execution (RCE).<\/p>\n<h2 id=\"h-sharepoint-server-rce-vulnerability-exploited\" class=\"wp-block-heading\"><strong>SharePoint Server RCE Vulnerability Exploited<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">This type of vulnerability is particularly dangerous because it can bypass traditional security controls when exploited through legitimate user contexts.<\/p>\n<p class=\"wp-block-paragraph\">The agency added CVE-2026-45659 to the KEV catalog on July 1, 2026, with a remediation deadline of July 4, 2026, highlighting the urgency for federal agencies and organizations to address the issue immediately.<\/p>\n<p class=\"wp-block-paragraph\">While there is currently no confirmed evidence linking the flaw to ransomware campaigns, active exploitation in the wild significantly elevates its risk profile.<\/p>\n<p class=\"wp-block-paragraph\">CISA has instructed organizations to follow vendor-provided mitigation guidance and comply with Binding Operational Directive (BOD) 26-04, which emphasizes risk-based prioritization of security updates.<\/p>\n<p class=\"wp-block-paragraph\">Organizations are also advised to assess internet <a href=\"https:\/\/cybersecuritynews.com\/1370-sharepoint-servers-vulnerable\/\" target=\"_blank\" rel=\"noreferrer noopener\">exposure of affected SharePoint servers<\/a> and apply patches or mitigations without delay.<\/p>\n<p class=\"wp-block-paragraph\">Security experts note that deserialization vulnerabilities have historically been a common attack vector in enterprise applications.<\/p>\n<p class=\"wp-block-paragraph\">In this case, an attacker could leverage stolen or low-privilege credentials to gain initial access and then escalate their impact by executing arbitrary code on the server.<\/p>\n<p class=\"wp-block-paragraph\">For example, a compromised user account could be used to submit a malicious request that triggers the vulnerable deserialization process, allowing attackers to deploy web shells or establish persistent access.<\/p>\n<p class=\"wp-block-paragraph\">CISA further recommends that organizations implement forensic triage procedures to detect potential compromise.<\/p>\n<p class=\"wp-block-paragraph\">Indicators may include unusual SharePoint activity, unexpected process execution, or anomalous network traffic originating from SharePoint servers.<\/p>\n<p class=\"wp-block-paragraph\">The KEV catalog serves as a critical resource for defenders, providing a curated list of vulnerabilities known to be exploited in active attacks.<\/p>\n<p class=\"wp-block-paragraph\">By prioritizing remediation of <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">KEV-listed vulnerabilities<\/a> such as CVE-2026-45659, organizations can significantly reduce their exposure to ongoing threat campaigns.<\/p>\n<p class=\"wp-block-paragraph\">Given the short remediation window and active exploitation status, cybersecurity teams should treat this vulnerability as a high-priority patching requirement. Failure to act promptly could expose sensitive enterprise data and internal systems to compromise.<\/p>\n<div style=\"background:#eaf6ff;border:1px solid #c8e3f6;border-radius:10px;padding:10px 25px;text-align:center;margin:40px 0;\">\n<h3 style=\"margin:0 0 25px;font-size:18px;line-height:1.4;font-weight:600;color:#222;\">\n        <span style=\"color:#e53935;\">Download Free<\/span> Microsoft Vulnerabilities Report 2026 <br \/>\n         <span style=\"color:#e53935;\">\u2013 A The latest Microsoft Vulnerabilities data, analyzed.<\/span><br \/>\n    <\/h3>\n<p>    <a href=\"https:\/\/www.beyondtrust.com\/resources\/whitepapers\/microsoft-vulnerability-report?utm_source=cybersecuritynews&amp;utm_medium=web&amp;utm_campaign=prospecting&amp;campid=701Vw00000acYITIA2\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" style=\"display:inline-block;background:#0b88d8;color:#fff;text-decoration:none;font-size:16px;font-weight:700;padding:8px 15px;border-radius:8px;\"><br \/>\n        Download Now<br \/>\n    <\/a><\/p>\n<\/div>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/sharepoint-server-code-execution-vulnerability-exploited\/\">CISA Warns of Microsoft SharePoint Server Code Execution Vulnerability Exploited in Attacks<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/sharepoint-server-code-execution-vulnerability-exploited\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Warns of Microsoft SharePoint Server Code Execution Vulnerability Exploited in Attacks CISA has added a newly disclosed Microsoft SharePoint Server vulnerability, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) Catalog, warning that the flaw is actively being exploited in real-world attacks. The vulnerability is a deserialization of untrusted data issue (CWE-502) that allows [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,648],"tags":[130],"class_list":["post-14026","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14026"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=14026"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14026\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=14026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=14026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=14026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}