The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a high-severity Microsoft SharePoint Server remote code execution vulnerability, CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) catalog. CISA states there is evidence that the flaw is being actively exploited in the wild. The vulnerability affects Microsoft SharePoint Server and carries a CVSS score of 8.8. According to the reporting, the issue is triggered through remote code execution caused by the deserialization of untrusted data. CISA’s KEV listing functions as a federal directive encouraging organizations to remediate the vulnerability. Multiple outlets note that the flaw was patched in May, and CISA’s warning indicates attackers have started using the patched weakness shortly after remediation became available. The accounts also describe the vulnerability at a high level without detailing specific attacker techniques or indicators. Overall, the sources converge on CISA’s assessment of active exploitation and the identified vulnerability (CVE-2026-45659) affecting SharePoint Server.