🔴 Critical  |  Source: The Hacker News


A critical zero-day vulnerability (CVE-2026-58644, CVSS 9.8) in Microsoft SharePoint Server allows remote code execution via a deserialization flaw and is already being actively exploited in the wild. CISA has added it to its Known Exploited Vulnerabilities catalogue, mandating that US federal agencies patch by 19 July 2026. Given SharePoint’s widespread use as a collaboration platform, the blast radius for unpatched organisations is significant.

Security Architect’s Take: Prioritise patching all on-premises and hybrid SharePoint Server deployments immediately — do not wait for your standard patching cycle. If SharePoint is internet-facing, consider placing it behind a WAF or restricting access whilst the patch is applied, and review logs for signs of deserialization-based exploitation.

Original advisory: CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV