Number: AL26-015
Date: July 2, 2026
Audience
This Alert is intended for IT professionals and managers.
Purpose
An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.
Details
The Canadian Centre for Cyber Security (Cyber Centre) is aware of active exploitation of a vulnerability affecting Microsoft SharePoint Server. In response to the Microsoft security advisory, released on May 21, 2026Footnote1, the Cyber Centre issued AV26-456Footnote2 Update 1 on May 21, 2026.
Tracked as CVE-2026-45659Footnote3, this vulnerability is a critical Deserialization of Untrusted Data (CWE-502)Footnote4 vulnerability affecting multiple versions of Microsoft SharePoint Server and could allow a low privileged remote attacker to execute remote code.
This vulnerability was added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalogFootnote5 on July 1, 2026.
Suggested actions
The Cyber Centre recommends that organizations upgrade affected Microsoft SharePoint instances to a fixed version:
| Affected Product | Affected Versions | Fixed Versions |
|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | 16.0.0 before 16.0.5552.1002 | 16.0.5552.1002 |
| Microsoft SharePoint Server 2019 | 16.0.0 before 16.0.10417.20128 | 16.0.10417.20128 |
| Microsoft SharePoint Server Subscription Edition | 16.0.0 before 16.0.19725.20280 | 16.0.19725.20280 |
The Cyber Centre recommends organizations:
- Identify all on-premises SharePoint Server instances, particularly those exposed to the internet.
- Use or upgrade to supported versions of on-premises Microsoft SharePoint Server.
- Apply the latest security updates from Microsoft.
Important note: Microsoft SharePoint Enterprise Server 2016Footnote6 and Server 2019Footnote7 will be end of life on July 14, 2026. Organizations are urged to migrate to a supported version.
In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions with an emphasis on the following topicsFootnote8.
- Patch operating systems and applications
- Harden operating systems and applications
- Isolate web-facing applications
Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal, or email contact@cyber.gc.ca.


