Skip to content
You can now search across every topic, entity and event.What's new
Microsoft SharePoint
ProductUS

Microsoft SharePoint

Microsoft's collaboration platform; a second KEV-listed flaw, CVE-2026-45659, hit federal deadline 4 July 2026.

Last refreshed: 4 July 2026 · Appears in 1 active topic

Key Question

Was SharePoint being actively hacked on the same day Microsoft released the patch?

Timeline for Microsoft SharePoint

#91 Jul

SharePoint patch clock runs out today

Cybersecurity: Threats and Defences
#17 Apr

GRU hijacks home routers for M365 logins

Cybersecurity: Threats and Defences
#111 Mar

Handala wipes 200,000 devices at Stryker

Cybersecurity: Threats and Defences
View full timeline →
Common Questions
Is SharePoint being actively hacked in 2026?
Yes. CVE-2026-32201, an Improper Input Validation vulnerability in SharePoint Server, was added to CISA's Known Exploited Vulnerabilities catalogue in April 2026 as actively exploited at the time of Microsoft's Patch Tuesday disclosure.Source: CISA KEV
Has SharePoint Server had more than one KEV vulnerability in 2026?
Yes. CVE-2026-32201 was added to CISA's KEV catalogue in April 2026 and CVE-2026-45659, a separate deserialisation remote-code-execution flaw, followed on 1 July 2026 with a federal Deadline of 4 July.Source: CISA KEV
What is CVE-2026-45659?
CVE-2026-45659 is a deserialisation-of-untrusted-data remote-code-execution vulnerability in Microsoft SharePoint Server, added to CISA's Known Exploited Vulnerabilities catalogue on 1 July 2026 with a federal patch Deadline of 4 July.Source: CISA KEV

Background

CVE-2026-32201, an Improper Input Validation vulnerability in Microsoft SharePoint Server, was added to the CISA Known Exploited Vulnerabilities catalogue as actively exploited at the time of the April 2026 Patch Tuesday release. A second flaw followed within the quarter: CISA added CVE-2026-45659, a deserialisation remote-code-execution vulnerability in SharePoint Server, to KEV on 1 July 2026 with a federal remediation deadline of 4 July.

Microsoft SharePoint is the company's enterprise document management and collaboration platform, used by hundreds of thousands of organisations for intranet portals, document libraries and workflow automation. Its deep integration with Microsoft 365 and Active Directory makes it a high-value target: a SharePoint vulnerability with server-side request forgery, authentication bypass or code-execution characteristics can provide a pivot into the broader M365 tenant and on-premises AD environment.

For enterprises on SharePoint Server (as opposed to SharePoint Online), both 2026 CVEs are patch-now obligations under KEV for federal agencies and high-priority items for enterprise patch teams. Two exploited-in-the-wild flaws inside three months, CVE-2026-32201 in April and CVE-2026-45659 in July, confirm SharePoint Server's on-premises footprint as a persistent target. The active-at-disclosure pattern also appeared in the F5 reclassification story earlier in 2026: defenders are consistently in a reactive position against vulnerabilities being exploited before or simultaneously with patch availability.

More questions
Why do federal agencies have a fixed deadline to patch SharePoint?
Under CISA's Binding Operational Directive, federal civilian agencies must remediate any KEV-listed vulnerability within its published Deadline; the July 2026 SharePoint flaw carried a three-day window from 1 to 4 July.Source: CISA KEV
Is SharePoint Online affected by the 2026 KEV vulnerabilities?
No. Both 2026 KEV-listed SharePoint flaws affect on-premises SharePoint Server deployments; SharePoint Online, Microsoft's cloud-hosted version, is not implicated.