Microsoft: CVE-2026-45659 Added to CISA KEV Under Active Exploitation
Key findings • CVE-2026-45659, a Microsoft vulnerability, has been added to CISA's KEV Catalog. • The vulnerability is confirmed to be under active exploitation by threat actors. • Organi…

Key findings
- CVE-2026-45659, a Microsoft vulnerability, has been added to CISA's KEV Catalog.
- The vulnerability is confirmed to be under active exploitation by threat actors.
- Organizations must prioritize patching and mitigation efforts immediately.
- CISA mandates federal agencies to remediate this flaw by July 24, 2026.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert, adding a significant Microsoft vulnerability, CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) Catalog. This inclusion signifies that the flaw is under active exploitation by threat actors, posing an immediate and severe risk to organizations utilizing affected Microsoft products.
CISA's KEV Catalog serves as a definitive list of security vulnerabilities that have been confirmed to be actively used in cyberattacks. Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate these vulnerabilities by specific deadlines, underscoring the critical importance of addressing such flaws promptly. The addition of CVE-2026-45659 highlights the ongoing efforts by malicious actors to leverage known weaknesses for unauthorized access, data exfiltration, or system disruption.
CVE-2026-45659, identified simply by its identifier, represents a specific security flaw within the Microsoft ecosystem. While specific details regarding the nature of the vulnerability are not provided in the KEV entry, its presence on the list confirms that it has been weaponized and is actively being used in real-world attacks. Organizations should prioritize understanding the scope and impact of this particular CVE within their environments.
Given the confirmed active exploitation, immediate action is required from all organizations, not just federal agencies. Defenders should consult Microsoft's official security advisories for CVE-2026-45659 to identify affected products and apply available patches or mitigation strategies without delay. The remediation deadline for federal agencies for this vulnerability is set for July 24, 2026, but all entities should aim to address it much sooner to minimize exposure to ongoing threats.
The US Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2026-45659 to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to patch the Microsoft SharePoint vulnerability within three days. While CISA has not released specific details on observed attacks, this inclusion highlights the critical nature of the deserialization flaw and the urgency for all organizations to apply Microsoft's patches.