
Microsoft SharePoint
Microsoft's collaboration platform; a second KEV-listed flaw, CVE-2026-45659, hit federal deadline 4 July 2026.
Last refreshed: 4 July 2026 · Appears in 1 active topic
Was SharePoint being actively hacked on the same day Microsoft released the patch?
Timeline for Microsoft SharePoint
SharePoint patch clock runs out today
Cybersecurity: Threats and DefencesGRU hijacks home routers for M365 logins
Cybersecurity: Threats and DefencesHandala wipes 200,000 devices at Stryker
Cybersecurity: Threats and DefencesIs SharePoint being actively hacked in 2026?
Has SharePoint Server had more than one KEV vulnerability in 2026?
What is CVE-2026-45659?
Background
CVE-2026-32201, an Improper Input Validation vulnerability in Microsoft SharePoint Server, was added to the CISA Known Exploited Vulnerabilities catalogue as actively exploited at the time of the April 2026 Patch Tuesday release. A second flaw followed within the quarter: CISA added CVE-2026-45659, a deserialisation remote-code-execution vulnerability in SharePoint Server, to KEV on 1 July 2026 with a federal remediation deadline of 4 July.
Microsoft SharePoint is the company's enterprise document management and collaboration platform, used by hundreds of thousands of organisations for intranet portals, document libraries and workflow automation. Its deep integration with Microsoft 365 and Active Directory makes it a high-value target: a SharePoint vulnerability with server-side request forgery, authentication bypass or code-execution characteristics can provide a pivot into the broader M365 tenant and on-premises AD environment.
For enterprises on SharePoint Server (as opposed to SharePoint Online), both 2026 CVEs are patch-now obligations under KEV for federal agencies and high-priority items for enterprise patch teams. Two exploited-in-the-wild flaws inside three months, CVE-2026-32201 in April and CVE-2026-45659 in July, confirm SharePoint Server's on-premises footprint as a persistent target. The active-at-disclosure pattern also appeared in the F5 reclassification story earlier in 2026: defenders are consistently in a reactive position against vulnerabilities being exploited before or simultaneously with patch availability.