bleeping-computer · Crawled Jul 5, 2026

CISA: Microsoft SharePoint RCE flaw now actively exploited

Read original article ↗

AI Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a high-severity remote code execution vulnerability in Microsoft SharePoint, tracked as CVE-2026-45659, is now under active exploitation. The flaw allows authenticated attackers with low privileges to execute arbitrary code remotely on unpatched SharePoint servers without user interaction. Microsoft addressed the vulnerability in May 2026 updates, but over 10,000 exposed servers remain at risk. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, mandating federal agencies to patch by a strict deadline.

AI-extracted · verify before operational use

No entities or IoCs were extracted from this article.