The Hacker News
כתבה מובילה
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026. The vulnerability in question is CVE-2026-58644 (CVSS score: 9.8), a critical deserialization

The U. S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026.
The vulnerability in question is CVE-2026-58644 (CVSS score: 9. 8), a critical deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute arbitrary code.
"In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server," Microsoft said in an advisory released earlier this week.
Redmond noted that the vulnerability is remotely exploitable over the internet, warning that the attack complexity is low for two reasons - The vulnerability impacts the following versions - Patches for the flaw have been released as part of the Patch Tuesday updates released on July 14, 2026.
Microsoft has since revised its bulletin to clarify that CVE-2026-58644 has been exploited in the wild, meaning the shortcoming was weaponized as a zero-day prior to the fixes becoming available.
The development comes as CISA warned of active exploitation of multiple SharePoint Server vulnerabilities, including CVE-2026-32201, CVE-2026-45659, CVE-2026-56164, and CVE-2026-58644, that could enable threat actors to gain unauthorized access to on-premises instances.
"These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware," the federal cybersecurity watchdog noted.
CISA has outlined the following hardening measures to contain the threat - On Thursday, the agency also added two critical security flaws impacting Fortinet FortiSandbox (CVE-2026-25089 and CVE-2026-39808) to the KEV catalog, following reports of active exploitation .
Federal agencies have until July 19, 2026, to update their instances to the latest supported versions. Learn how to secure AI agents with practical controls for access, visibility, secrets, and risk containment. Learn how to govern risk, secure AI-built software, and keep control as development moves at machine speed.