The Circuitry
THE CIRCUITRYYour one-stop source for all tech news
HOMETODAYNEWSFEEDEVENTS
BOOKMARKS
RSS
© 2026 The Circuitry
About UsSourcesContactCorrectionsPrivacy
  • Today
  • Feed
  • Events
  • Saved
Scroll for more
Verification
VERIFIEDConfidence: HIGH
Source identified
Claims cross-referenced
No discrepancies found
Fact-check summary

CISA's July 1 addition of CVE-2026-45659 to its KEV catalog (due July 4) is confirmed on cisa.gov and covered by BleepingComputer.

Sourcing
1source

via BleepingComputer

BleepingComputer · track record
56Stories
100%Verified
3530d
All sources →
Markets
MSFT···

Live quote · not investment advice

Home/Tech/CISA Warns of Active Exploitation of SharePoint RCE Flaw
VERIFIEDBy Xavier Rivera· ·2 min read

CISA Warns of Active Exploitation of SharePoint RCE Flaw

CISA warned Wednesday that attackers are exploiting CVE-2026-45659, a SharePoint RCE flaw patched by Microsoft in May, and added it to its KEV catalog on July 1 with a July 4 deadline for federal agencies. The deserialization vulnerability lets low-privileged authenticated users execute code remotely over the network, and more than 10,000 SharePoint servers remain exposed online.

Source:BleepingComputer
Post
CISA Warns of Active Exploitation of SharePoint RCE Flaw
TL;DRAI · 60 sec read

CISA warns of active exploitation of a SharePoint remote code execution flaw that allows authenticated users with minimal rights to run arbitrary code. The agency adds the issue to its Known Exploited Vulnerabilities catalog and requires federal agencies to apply available patches by July 4 to address risks on thousands of exposed servers.

Developing storymonitoring for updates
This story is still unfolding. Confirmed developments will appear here.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning Wednesday that malicious actors have started targeting a high-severity remote code execution vulnerability in Microsoft SharePoint.

CISA adds CVE-2026-45659 to its Known Exploited Vulnerabilities catalog. The agency placed the flaw in the catalog on July 1, 2026, and directed Federal Civilian Executive Branch agencies to apply fixes by July 4. This step aligns with Binding Operational Directive 26-04, released last month, which sets priorities according to KEV listing, potential for automated large-scale exploitation, online exposure of assets, and whether successful compromise delivers partial or full control.
Since then CISA has cataloged 11 Microsoft SharePoint bugs exploited in the wild, seven of which also featured in ransomware campaigns.
The issue arises from deserialization of untrusted data and reportedly enables authenticated users holding minimal rights to run arbitrary code on vulnerable SharePoint servers through straightforward network attacks that require no user interaction.

Microsoft details low-privilege, network-based attack requirements. "Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server," Microsoft explains. The company classifies the attack vector as Network because the bug can be reached from the internet and lists attack complexity as Low since little advance system knowledge is needed for repeatable success.
From The CircuitryThe Feed — live briefs across tech, all day.See what’s happening →
Fixes for SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition arrived on May 21. Microsoft noted that the CVE identifier had been accidentally omitted from the May 2026 Security Updates.

Shadowserver tracks more than 10,000 exposed SharePoint servers. The internet security watchdog group is currently monitoring over 10,000 SharePoint servers reachable online. No figures exist on how many of those systems have received the May patches and are therefore shielded from ongoing CVE-2026-45659 exploitation.

SharePoint vulnerabilities have been frequent targets since 2021. Since then CISA has cataloged 11 Microsoft SharePoint bugs exploited in the wild, seven of which also featured in ransomware campaigns. During the April 2026 Patch Tuesday, Microsoft fixed a different SharePoint vulnerability that had been used in zero-day attacks.
CISA stated that flaws of this nature serve as common entry points for malicious cyber actors and create major threats across federal networks. Agencies must follow applicable BOD 26-04 guidance for cloud services or stop using the product when no mitigations exist. Each organization bears responsibility for assessing internet exposure of its assets and complying with BOD 26-04 patching rules.

EXPERT TAKE

Federal agencies now have three days to patch or face compliance violations under BOD 26-04, underscoring how quickly CISA escalates actively exploited SharePoint flaws into mandatory remediation.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported
DonateBuy me a coffee →Follow@thecircuitry_ →Follow@thecircuitry.to →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE
From The Circuitry

See what’s happening right now

The Feed runs all day — short, verified briefs the moment they break.

Open the Feed →
From The Circuitry

Follow @thecircuitry_

Every story we publish, as it happens. No noise between.

Follow on X ↗On Bluesky ↗

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Buy me a coffee
MicrosoftSharePointCISAVulnerabilityKEV
More fromBleepingComputer
  • DHS confirms hackers breached HSIN info-sharing platform

    Tech · 20h
  • Anthropic to restore Claude Fable 5 access Wednesday

    Tech · 1d
  • Microsoft pulls forward quantum-safe encryption deadline to 2029

    Tech · 1d
More inTech
  • Tesla Q2 deliveries top forecasts with 25% jump to 480,126

    Tech · 16m
  • Bouygues Telecom Becomes First French Operator to Finish Full XGS-PON Deployment

    Tech · 54m
  • Europe's Highest Court Rejects Google's Appeal of $4.7 Billion Antitrust Penalty

    Tech · 54m
SupportThe Work

The Circuitry is reader-supported. If you find the daily brief useful, you can buy me a coffee to keep it going.

Buy a coffee →
SubscribeCircuitry Brief

Daily brief at 7 AM ET. Top tech stories, every morning.

MORE IN TECH

Tesla Q2 deliveries top forecasts with 25% jump to 480,126

Tesla reported 480,126 vehicle deliveries in Q2 2026, exceeding analyst expectations of roughly 406,600 and marking a 25% jump from the prior year. The results signal a potential rebound for the automaker after consecutive annual sales declines driven by consumer backlash, lost tax credits, and rising competition.

Bouygues Telecom Becomes First French Operator to Finish Full XGS-PON Deployment

Bouygues Telecom has completed XGS-PON fiber deployment across its entire network, positioning the operator as the first in France to enable symmetrical 8 Gb/s speeds for all subscribers. The upgrade, which quadruples prior GPON performance, helps prepare French broadband infrastructure for continued growth in data demand.

Europe's Highest Court Rejects Google's Appeal of $4.7 Billion Antitrust Penalty

Europe's top court upheld an approximately $4.7 billion antitrust penalty targeting Google for allegedly abusing Android's dominance through pre-installation deals with device makers. The ruling ends years of appeals, follows a reduction by a lower court, and comes as the EU expands oversight of large technology platforms under new rules while drawing criticism from U.S. officials.