CISA has added Microsoft SharePoint Server CVE-2026-45659 to its Known Exploited Vulnerabilities catalogue, which means this is no longer just a patch note sitting in an administrator's queue. There is evidence that attackers are using the flaw in the real world.
For Trinidad and Tobago businesses, the practical question is simple: do you run on-premises SharePoint Server anywhere in your environment, and has it been patched?
What CVE-2026-45659 Is
CVE-2026-45659 is a deserialisation of untrusted data vulnerability in Microsoft Office SharePoint / SharePoint Server. Microsoft rates it High severity with a CVSS score of 8.8. The issue can allow an authorised, low-privilege attacker to execute code over the network without needing administrator rights or user interaction.
The affected on-premises products include SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Microsoft published the fix in May 2026, and CISA added the vulnerability to KEV on 1 July 2026 with a 4 July remediation date for US federal agencies.
Why This Matters To Business Owners
SharePoint often stores contracts, HR files, finance documents, client data, and internal procedures. If an attacker can run code on that server, the risk is not limited to one document library. A compromised SharePoint server can become a staging point for data theft, ransomware, credential theft, or further movement across the network.
This is especially relevant for organisations that have moved most services to Microsoft 365 but still keep an older on-premises SharePoint server for legacy workflows, intranet content, document archives, or a line-of-business integration. Those forgotten systems are exactly where patch gaps tend to live.
SharePoint Online Customers Should Still Verify Their Exposure
If your business uses SharePoint Online as part of Microsoft 365, Microsoft manages the platform patching. That is good news. It does not automatically prove that your business has no on-premises SharePoint exposure.
Ask your IT provider or internal team to confirm whether any SharePoint Server instances still exist, whether they are internet-facing, whether they are on supported versions, and whether the May 2026 security update has been applied across every SharePoint server in the farm.
What To Do Now
- Identify every SharePoint Server instance, including test, archive, and legacy systems.
- Apply Microsoft's security update for CVE-2026-45659 if it has not already been deployed.
- Check whether SharePoint is exposed to the internet or reachable from third-party networks.
- Review recent SharePoint logs for unusual sign-ins, file access, web shell indicators, unexpected service account activity, or new administrative changes.
- Make sure backups are current, isolated, and restorable before and after remediation.
The key point is timing. Once a vulnerability reaches CISA's exploited list, the patching window shrinks. Waiting for the next convenient maintenance cycle can leave a business exposed during the period when attackers are actively scanning for missed updates.
How Blue Chip Technologies Helps
Blue Chip Technologies' Managed IT Services are built around the boring but essential work that prevents incidents like this from becoming business emergencies. We use enterprise RMM, automated patch management, vulnerability monitoring, documentation, helpdesk workflows, and 24/7 proactive monitoring to keep client environments visible and current across Windows, macOS, Linux, and third-party applications.
For endpoint and server protection, we pair that operational discipline with Bitdefender GravityZone, ransomware prevention, EDR, phishing and web threat defence, and practical incident response support. For Microsoft 365 and Google Workspace environments, we also help tighten email security and reduce the chance that a stolen account becomes the first step in a wider compromise.
The goal is not to scare businesses into buying tools. The goal is to make sure patching, visibility, and response are handled consistently at a predictable monthly cost, instead of being rushed only after a vulnerability becomes news.
Useful References
- CISA Known Exploited Vulnerabilities Catalogue
- NVD record for CVE-2026-45659
- Microsoft Security Update Guide for CVE-2026-45659
If you are not sure whether SharePoint Server exists in your environment, start there. A quick asset check today is cheaper than finding the server during an incident.




