Microsoft told customers a fresh SharePoint Server vulnerability carried low odds of real-world abuse. Days later, federal authorities added it to the list of bugs already under active attack. The reversal highlights persistent gaps between vendor risk predictions and evidence gathered by defenders watching the trenches. CISA placed CVE-2026-45659 into its Known Exploited Vulnerabilities catalog on July 1, 2026. The entry triggered a tight deadl…
This story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.
CISA has just alerted the active operation of a fixed SharePoint Server fault last May. It allows an authenticated attacker to run remote code on a vulnerable server.