Future TechnologyFuture Technology
Security

Your On-Prem SharePoint Server Has Until Tomorrow to Get Patched

3 July 2026 · 3 min read

CISA has added a high-severity SharePoint remote code execution vulnerability, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities catalog, confirming that attackers are already using it in the wild. Federal Civilian Executive Branch agencies in the US have been given until 4 July 2026 to apply the fix, a deadline that lands the day after this newsletter goes out.

What the bug does

Remote code execution flaws are about as bad as it gets: a successful attacker can run arbitrary commands on the affected server without needing valid credentials first. That makes an unpatched on-prem SharePoint deployment a direct route into whatever else sits on your internal network, not just an isolated document library.

Who needs to worry

This affects on-premises SharePoint Server deployments. If your organisation only uses SharePoint Online through Microsoft 365, this specific vulnerability does not touch you, Microsoft manages patching on the hosted side. If you are running SharePoint Server on your own infrastructure, the CISA deadline is a signal, not a suggestion, and the fact that a federal deadline exists at all tells you exploitation is already active rather than theoretical.

What to do

Apply Microsofts patch now if you have not already. Do not wait for a compliance deadline that technically does not apply to your organisation, the same clock is ticking for everyone once a vulnerability is in CISAs KEV catalog, because that listing exists specifically because attackers are already using it against real targets.

Sources: The Hacker News, CISA KEV catalog