CISA Adds Critical Microsoft SharePoint Vulnerability to KEV Catalog Amid Active Exploitation
The Cybersecurity and Infrastructure Security Agency (**CISA**) has issued a fresh warning, adding a critical **Microsoft SharePoint Server** deserialization vulnerability to its Known Exploited Vulnerabilities (**KEV**) Catalog. Identified as **CVE-2026-45659**, this flaw is actively being exploited, posing significant risks to organizations, particularly federal agencies.
In a recent update, **CISA** has highlighted a severe security vulnerability impacting **Microsoft SharePoint Server**, urging immediate action from all organizations. The vulnerability, officially tracked as **CVE-2026-45659**, involves a deserialization of untrusted data flaw, a common attack vector for malicious cyber actors.
### The Threat of Deserialization Vulnerabilities
Deserialization vulnerabilities are particularly dangerous as they can allow attackers to execute arbitrary code on a server by manipulating data structures. This type of exploit can lead to full system compromise, data theft, and disruption of services, making it a high-priority concern for IT security professionals.
### CISA's KEV Catalog and BOD 26-04
**CISA**'s **KEV Catalog** serves as a crucial resource, listing vulnerabilities for which there is confirmed evidence of active exploitation. Its inclusion in the catalog triggers specific remediation requirements for Federal Civilian Executive Branch (**FCEB**) agencies under **Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk**.
**BOD 26-04** mandates that federal agencies swiftly remediate high-risk vulnerabilities, especially those in the **KEV Catalog** that affect publicly exposed assets and grant total control post-exploitation. The directive also emphasizes the importance of checking for system compromises *before* applying patches, a critical step in incident response.
### Recommendations for All Organizations
While **BOD 26-04** is specifically aimed at **FCEB** agencies, **CISA** strongly advises all organizationsβpublic and private sectorβto adopt similar risk-based vulnerability management strategies. Prioritizing the remediation of vulnerabilities listed in the **KEV Catalog** is a proactive measure that can significantly reduce an organization's attack surface and protect against known threats.
Organizations are encouraged to review their **Microsoft SharePoint Server** deployments for potential exposure to **CVE-2026-45659** and apply necessary patches or mitigations without delay. **CISA** continues to update the **KEV Catalog** as new exploited vulnerabilities are identified and verified.
### Reporting Exploited Vulnerabilities
**CISA** also provides a **KEV Nomination Form** for security professionals aware of actively exploited vulnerabilities not yet listed in the catalog. To be considered, a vulnerability must have a **CVE** ID, clear evidence of exploitation, and actionable mitigation guidance.