Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft SharePoint remote code execution (CVE-2026-45659)

Vulnerability
First reported
Last updated
Happening score
H score 17
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft SharePoint CVE-2026-45659 is a remote code execution vulnerability that lets an authenticated attacker with Site Member permissions run code over the network on affected servers.

Related Happenings

Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw

Vulnerability
H score39 First: 10.06.2026 02:11 Last: 10.06.2026 02:11 Sources 1

About this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...

Latest development: 10.06.2026 08:22

The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.

CCB urgent patch warning for CVE-2026-41089 on Windows servers

Public Sector Action
H score48 First: 01.06.2026 15:30 Last: 01.06.2026 15:30 Sources 1

About this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...

Microsoft CVD response for Windows Defender and BitLocker

Advisory/Mitigation
H score47 First: 28.05.2026 16:53 Last: 28.05.2026 16:53 Sources 1

About this happening: **Microsoft** is urging **Coordinated Vulnerability Disclosure (CVD)** and says it is developing **security updates** for **Windows components including Defender and BitLocker** a...

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
H score53 First: 18.02.2026 08:52 Last: 18.02.2026 08:52 Sources 1

About this happening: **CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...

SolarWinds Web Help Desk (WHD) multi-stage exploitation wave

Exploitation Wave
H score44 First: 09.02.2026 16:42 Last: 09.02.2026 16:42 Sources 1

About this happening: **SolarWinds Web Help Desk (WHD)** exploitation is a **multi-stage intrusion wave** affecting **internet-exposed WHD instances**. The foothold remains unconfirmed, but the wave is...

Latest development: 10.03.2026 08:17

CISA added CVE-2025-26399 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, said Microsoft and Huntress had reported threat actors using SolarWinds Web Help Desk flaws to obtain initial access, attributed the activity to the Warlock ransomware crew, and ordered Federal Civilian Executive Branch (FCEB) agencies to apply the fix by March 12, 2026.

Timeline

  1. 26.05.2026 14:49 2 articles · 1mo ago

    Microsoft rolls out SharePoint RCE fixes for CVE-2026-45659

    Mitigation Patch Update

    Microsoft rolled out updates to fix a remote code execution vulnerability in Microsoft Office SharePoint tracked as CVE-2026-45659, rated CVSS 8.8 and important severity. The flaw lets an authenticated attacker with Site Member permissions execute code over a network without elevated privileges, and Microsoft released updates for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.

    Show sources