VYPR
kev · Published Jul 1, 2026 · 1 source

CISA Adds Microsoft SharePoint Deserialization Vulnerability to KEV Catalog

CISA has added CVE-2026-45659, a deserialization vulnerability in Microsoft SharePoint Server, to its Known Exploited Vulnerabilities (KEV) Catalog, citing active exploitation.

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, identified as CVE-2026-45659, affects Microsoft SharePoint Server and is categorized as a deserialization of untrusted data vulnerability. This addition signifies that CISA has confirmed evidence of active exploitation of this flaw in the wild.

Deserialization vulnerabilities are a common and potent attack vector for malicious cyber actors. They occur when an application improperly handles serialized data, allowing an attacker to inject malicious code or manipulate program logic by providing specially crafted input. In the context of Microsoft SharePoint Server, such a vulnerability could potentially lead to unauthorized access, data breaches, or even complete system compromise.

CISA's inclusion of CVE-2026-45659 in the KEV Catalog, part of its ongoing efforts to bolster federal cybersecurity, triggers specific actions under Binding Operational Directive (BOD) 26-04. This directive requires Federal Civilian Executive Branch (FCEB) agencies to prioritize the remediation of vulnerabilities listed in the KEV Catalog, particularly on publicly exposed assets. The directive emphasizes a risk-based approach, requiring agencies to urgently address vulnerabilities that grant total control of an asset post-exploitation.

BOD 26-04 also sets expectations for agencies regarding the detection of compromises that may have occurred before a patch was applied. While the directive's requirements are specific to FCEB agencies, CISA strongly encourages all organizations, including those in the private sector, to adopt similar risk-based vulnerability management practices. Prioritizing the remediation of vulnerabilities like CVE-2026-45659 is crucial for maintaining a strong security posture.

CISA continues to actively monitor the threat landscape and will add new vulnerabilities to the KEV Catalog as evidence of active exploitation emerges. The agency relies on information from various sources, including its own research, threat intelligence, and public reporting, to identify and validate these vulnerabilities. Organizations are urged to stay informed about additions to the KEV Catalog and to implement timely patching and mitigation strategies.
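One way to act on catalog additions, as an added example that is not CISA's code or part of the original article: match a software inventory against KEV entries and order the hits with publicly exposed assets first, then by due date. The catalog excerpt and inventory are constructed sample data (the dates and the second CVE ID are placeholders); the field names follow the KEV JSON feed, while the `exposed` flag, host names and exact-name matching are assumptions.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed. The dates and the
# second entry are placeholders, not real catalog values.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-45659", "vendorProject": "Microsoft",
   "product": "SharePoint Server", "dueDate": "2099-01-15"},
  {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
   "product": "ExampleVPN", "dueDate": "2099-01-08"}
]}
""")

# Constructed inventory; "exposed" marks internet-facing assets (assumption).
INVENTORY = [
    {"host": "sp-intranet-01", "vendor": "Microsoft", "product": "SharePoint Server", "exposed": False},
    {"host": "sp-portal-01", "vendor": "microsoft", "product": "sharepoint server", "exposed": True},
    {"host": "vpn-gw-01", "vendor": "ExampleVendor", "product": "ExampleVPN", "exposed": True},
    {"host": "db-01", "vendor": "ExampleVendor", "product": "ExampleDB", "exposed": False},
]

def _key(vendor, product):
    # Exact match on normalized names; real inventories usually need a mapping table.
    return (vendor.strip().lower(), product.strip().lower())

def triage(catalog, inventory, today):
    """Return KEV hits per asset: exposed assets first, then earliest due date."""
    by_product = {}
    for v in catalog["vulnerabilities"]:
        by_product.setdefault(_key(v["vendorProject"], v["product"]), []).append(v)
    findings = []
    for asset in inventory:
        for v in by_product.get(_key(asset["vendor"], asset["product"]), []):
            due = date.fromisoformat(v["dueDate"])
            findings.append({
                "host": asset["host"], "cve": v["cveID"],
                "exposed": asset["exposed"], "due": due, "overdue": due < today})
    # False sorts before True, so "not exposed" puts internet-facing assets on top.
    findings.sort(key=lambda f: (not f["exposed"], f["due"], f["host"]))
    return findings

if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, date(2099, 1, 10)):
        print(f)
```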

For organizations that discover an exploited vulnerability not yet listed in the KEV Catalog, CISA provides a nomination form to submit such findings. To be considered for addition, a vulnerability must have a designated CVE ID, demonstrable evidence of exploitation, and clear guidance on how to mitigate or remediate the issue. This collaborative approach helps ensure that the KEV Catalog remains a comprehensive and up-to-date resource for critical cybersecurity threats.

The inclusion of this Microsoft SharePoint Server vulnerability underscores the persistent threat posed by deserialization flaws and the importance of CISA's KEV Catalog in guiding federal agencies and other organizations toward effective vulnerability management. Prompt attention to this CVE is recommended for all entities utilizing affected Microsoft SharePoint Server versions.

Synthesized by Vypr AI