CISA warns of actively exploited on-premises SharePoint Server flaws (CVE-2026-56164, CVE-2026-45659, CVE-2026-32201)
CISA issued an urgent hardening alert after confirming that attackers were chaining three vulnerabilities in on-premises Microsoft SharePoint Server — including an unauthenticated missing-authentication bug the U.S. National Vulnerability Database rates critical — to reach remote code execution, steal IIS machine keys and deploy malware.
- Victim
- Microsoft SharePoint Server