The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday said threat actors have been exploiting a high-severity vulnerability in Microsoft SharePoint Server.

Described as a deserialization of untrusted data bug, the exploited security defect allows authenticated attackers to execute arbitrary code on vulnerable SharePoint servers.

The flaw is tracked as CVE-2026-45659 (CVSS score of 8.8) and was patched in late May, via an out-of-band security update.

According to Microsoft, the vulnerability can be triggered by an authenticated attacker who has a minimum of Site Member permissions, without other elevated privileges.

The tech giant also warned that the security defect is easy to exploit, “because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.”