Published Thursday, July 16, 2026 at 12:19 PM PT

BLUF: Microsoft SharePoint Server is under active exploitation via three critical vulnerabilities (CVE-2026-32201, CVE-2026-45659, CVE-2026-56164). CISA has issued a hardening alert. Organizations running SharePoint Server must apply patches immediately. An additional high-severity flaw was recently patched in July 2026 Patch Tuesday.
DETAILS:
- Three Microsoft SharePoint Server vulnerabilities are confirmed under active, in-the-wild exploitation as of publication date
- CVE-2026-56164 was addressed in Microsoft’s July 2026 Patch Tuesday release (569 total CVEs patched that month)
- CISA has issued formal hardening guidance in response to active exploitation activity
- An additional high-severity SharePoint flaw was recently patched; specific CVE designation and severity level require confirmation from primary Microsoft advisory
- Exploitation appears targeted at SharePoint Server deployments; scope of affected versions not yet confirmed in available sources
IMPACT:
- Affected Systems: Microsoft SharePoint Server installations (version scope uncertain — requires verification against Microsoft security advisories)
- Attack Vector: Remote exploitation likely; authentication requirements unknown
- Scope: Organizations with internet-facing or internal SharePoint deployments face immediate risk
- Potential Compromise: Typical SharePoint exploitation enables data exfiltration, lateral movement, and persistence
RECOMMENDED ACTIONS:
- Immediate: Locate and inventory all SharePoint Server instances in your environment
- Priority: Apply Microsoft’s July 2026 Patch Tuesday updates to all affected systems
- Urgent: Cross-reference your SharePoint versions against CVE-2026-32201, CVE-2026-45659, CVE-2026-56164 in Microsoft Security Update Guide for applicability
- Monitor: Enable logging on SharePoint servers; review access logs for suspicious activity
- Escalate: If exploitation is suspected, isolate affected systems and engage incident response
SOURCES:
- Tenable Blog: CVE-2026-32201, CVE-2026-45659, CVE-2026-56164 FAQ
- Tenable Blog: Microsoft July 2026 Patch Tuesday (569 CVEs)
- CISA Hardening Alert (referenced; primary advisory recommended)
