SharePoint Server Actively Exploited: CISA Orders Patch Before Ransomware Actors Strike

SharePoint Server vulnerability CVE-2026-45659 is under active exploitation. CISA added the deserialization remote code execution flaw to its Known Exploited Vulnerabilities catalog on July 1, giving agencies until today to patch. Any user with Site Member access can trigger the flaw remotely — no elevated privileges required. Here is what to patch and how to investigate.