Code Defence Cyber security

CISA adds Microsoft SharePoint Server deserialization RCE flaw CVE-2026-45659 to KEV catalog

A critical deserialization of untrusted data vulnerability located within a dominant enterprise document coordination and collaboration suite has been formally indexed into the federal registry of actively targeted threats. The flaw enables authenticated remote network actors to bypass standard permission filters to run arbitrary system code directly on the application server.

The security vulnerability, tracked as CVE-2026-45659, impacts Microsoft SharePoint Server environments, including Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. The underlying issue involves a data handling failure when parsing serialized application inputs. Because the interface fails to securely evaluate incoming object matrices, an authenticated user with minimum Site Member access rights can submit malformed parameters over network links to trigger the execution of untrusted code arrays without requiring administrative approval keys. Threat tracking reports confirm that extortion networks, including the Storm-2603 ransomware group, are actively abusing this vector to secure network footholds.

Subverting a centralized collaboration server introduces severe security hazards across corporate networks. Because SharePoint deployments maintain deep integration hooks into internal directory systems, user access repositories, and corporate document storage backends, a successful exploitation loop lets an adversary extract intellectual property, map adjacent network infrastructure paths, and position persistent backdoors while masking actions behind valid user contexts.

– Force immediate deployment of the security updates and cumulative patches supplied by Microsoft to all SharePoint instances.

– Apply strict risk-prioritization rules under Binding Operational Directive 26-04 to insulate internal collaboration nodes within three days.

– Audit server operational summaries for unexpected application errors or atypical file inclusions tracing to web.config structures.

– Monitor access profiles for unusual document access behaviors or unauthorized domain administrator creations.

Data framework protection relies on prompt patch application combined with continuous access monitoring to guarantee that internal collaboration platforms are completely protected from unauthenticated script manipulation. #CodeDefence #Microsoft #SharePoint #RCE #Deserialization #CISA #KEV
/

Scroll to Top