🔴 Critical  |  Source: CISA Known Exploited Vulnerabilities


A critical vulnerability in Microsoft SharePoint allows attackers to execute arbitrary code remotely by exploiting unsafe handling of untrusted data during deserialization. This flaw requires no authentication, meaning an attacker with network access could compromise a SharePoint server without any credentials. It is actively being exploited in the wild, making immediate patching essential.

Security Architect’s Take: Prioritise applying Microsoft’s patch before the CISA remediation deadline of 19 July 2026; in the interim, restrict network access to SharePoint instances at the perimeter and review audit logs for anomalous deserialization activity or unexpected process spawning from SharePoint worker processes.

Original advisory: CVE-2026-58644: Microsoft SharePoint