Alert - AL26-015 - Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-45659

Number: AL26-015
Date: July 2, 2026

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

The Canadian Centre for Cyber Security (Cyber Centre) is aware of active exploitation of a vulnerability affecting Microsoft SharePoint Server. In response to the Microsoft security advisory, released on May 21, 2026 [Footnote 1], the Cyber Centre issued AV26-456 [Footnote 2] Update 1 on May 21, 2026.

Tracked as CVE-2026-45659 [Footnote 3], this is a critical Deserialization of Untrusted Data (CWE-502) [Footnote 4] vulnerability that affects multiple versions of Microsoft SharePoint Server and could allow a low-privileged remote attacker to execute code remotely.

This vulnerability was added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog [Footnote 5] on July 1, 2026.

Suggested actions

The Cyber Centre recommends that organizations upgrade affected Microsoft SharePoint instances to a fixed version:

Affected Product | Affected Versions | Fixed Versions
Microsoft SharePoint Enterprise Server 2016 | 16.0.0 before 16.0.5552.1002 | 16.0.5552.1002
Microsoft SharePoint Server 2019 | 16.0.0 before 16.0.10417.20128 | 16.0.10417.20128
Microsoft SharePoint Server Subscription Edition | 16.0.0 before 16.0.19725.20280 | 16.0.19725.20280

The Cyber Centre recommends organizations:

  • Identify all on-premises SharePoint Server instances, particularly those exposed to the internet.
  • Use or upgrade to supported versions of on-premises Microsoft SharePoint Server.
  • Apply the latest security updates from Microsoft.

Important note: Microsoft SharePoint Enterprise Server 2016 [Footnote 6] and Server 2019 [Footnote 7] will reach end of life on July 14, 2026. Organizations are urged to migrate to a supported version.
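
The following is an added example, not part of the Cyber Centre's Alert or Microsoft's guidance: a triage script that checks an asset inventory against the version table and end-of-life note above and lists vulnerable, internet-facing instances first. The CSV layout, the status labels and the sample hosts are assumptions made for illustration.

```python
import csv
import io

# Fixed builds and end-of-life products (July 14, 2026) as stated in the Alert.
# All three products share the 16.0 prefix, so compare against the product's own row.
FIXED = {
    "Microsoft SharePoint Enterprise Server 2016": "16.0.5552.1002",
    "Microsoft SharePoint Server 2019": "16.0.10417.20128",
    "Microsoft SharePoint Server Subscription Edition": "16.0.19725.20280",
}
END_OF_LIFE = {"Microsoft SharePoint Enterprise Server 2016",
               "Microsoft SharePoint Server 2019"}
RANK = {"vulnerable": 0, "unknown-build": 1, "not-listed": 2, "fixed-eol": 3, "fixed": 4}

def parse_build(text):  # four-part build -> tuple of ints, or None if malformed
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def assess(product, build_text):  # classify one instance against the table
    if product not in FIXED:
        return "not-listed"        # product is not in the Alert's table
    build = parse_build(build_text)
    if build is None or build[:2] != (16, 0):
        return "unknown-build"     # cannot be compared; review by hand
    if build < parse_build(FIXED[product]):
        return "vulnerable"
    return "fixed-eol" if product in END_OF_LIFE else "fixed"

def triage(inventory_csv):
    """Return (host, status) pairs, worst first, internet-facing before internal."""
    rows = []
    for r in csv.DictReader(io.StringIO(inventory_csv)):
        status = assess(r["product"].strip(), r["build"])
        internal = r["internet_facing"].strip().lower() != "yes"
        rows.append((RANK[status], internal, r["host"], status))
    return [(host, status) for _, _, host, status in sorted(rows)]

# Constructed sample inventory: hostnames and builds are illustrative only.
SAMPLE = """host,product,build,internet_facing
sp-int-01,Microsoft SharePoint Server 2019,16.0.10417.20128,no
sp-ext-01,Microsoft SharePoint Server Subscription Edition,16.0.19725.20279,yes
sp-int-02,Microsoft SharePoint Enterprise Server 2016,16.0.5500.1000,no
sp-old-01,Microsoft SharePoint Server 2019,16.0.10417,no
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A "fixed-eol" result means the instance is at or above the fixed build but runs a product that the note above says reaches end of life on July 14, 2026, so it still needs a migration plan.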

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions, with an emphasis on the following topics [Footnote 8]:

  • Patch operating systems and applications
  • Harden operating systems and applications
  • Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal, or email contact@cyber.gc.ca.
