Vulnerability  ·  2026-07-02

Microsoft SharePoint Server — Deserialization RCE Added to CISA KEV (CVE-2026-45659)

Vulnerability  ·  High impact  ·  Global  ·  CVE-2026-45659
CISA added CVE-2026-45659 to the Known Exploited Vulnerabilities catalog on July 1, 2026, confirming active in-the-wild exploitation. Microsoft issued an out-of-band patch for this deserialization RCE flaw. CISA set a federal agency remediation deadline of July 4, 2026 under BOD 26-04.
SharePoint Server is a foundational document store for enterprise RAG pipelines and Microsoft 365 Copilot knowledge bases. RCE on SharePoint in the context of an AI deployment means an attacker can poison the document corpus feeding enterprise AI agents, exfiltrate sensitive documents used in RAG retrieval, or pivot to the broader enterprise network from the SharePoint host. Confirmed active exploitation makes this an immediate threat to AI-integrated SharePoint deployments.
An authorized attacker with network access (no admin privileges required) can exploit a deserialization-of-untrusted-data vulnerability to execute arbitrary code on the SharePoint server over the network. CISA required federal agency remediation by July 4, 2026.
Affected products: Microsoft SharePoint Server 2016, 2019, and Subscription Edition
Apply Microsoft's out-of-band security update immediately. MSRC advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659. CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Sources
CISA KEV Catalog — CVE-2026-45659 Added July 1 2026
CISA KEV Alert — Adds One Known Exploited Vulnerability
MSRC — CVE-2026-45659