🟠 High  |  Source: Microsoft Security Response Center


Microsoft has issued a correction to the advisory for CVE-2026-58644, a Remote Code Execution vulnerability in Microsoft SharePoint. The update revises the Exploitability Index, the ‘Exploited’ flag, and the CVSS vector, all of which were inaccurate at initial publication on 14 July 2026. This is a metadata correction only — no new patch or change to the underlying vulnerability is introduced.

Security Architect’s Take: Review the corrected CVSS vector and updated Exploitability Index to reassess your patching priority for SharePoint environments. If the revised ‘Exploited’ flag now indicates active exploitation, treat this as urgent and accelerate remediation timelines accordingly.

Original advisory: CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability