CISA has added Microsoft SharePoint Server CVE-2026-45659 to its exploited-vulnerabilities catalog, giving federal agencies until July 4 to apply mitigations and run forensic triage. The flaw was patched in May, but active exploitation means on-prem SharePoint teams should verify builds, review exposure, and check for compromise now.