Microsoft SharePoint deserialization RCE (CVE-2026-58644)
Vulnerability
Summary
Hide ▲
Show ▼
Microsoft SharePoint CVE-2026-58644 is a critical RCE now confirmed actively exploited in the wild, exposing SharePoint Server to remote code execution. Microsoft fixed the flaw in July 2026 Patch Tuesday after describing it as a deserialization of untrusted data issue. CISA added it to the KEV catalog and ordered federal agencies to patch it within three days.
Related Happenings
CISA KEV directive for exploited SharePoint CVE-2026-58644
Public Sector Action
H score38
First: 17.07.2026 10:15
Last: 17.07.2026 10:15
Sources 1
How related:
On Thursday, two days after warning of the risk posed by these SharePoint security defects, CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it within three days, as mandated by BOD 26-04.
About this happening:
CISA added CVE-2026-58644 to its KEV catalog and ordered federal agencies to patch it within three days. The directive applies to an exploited Microsoft Shar...
CISA KEV directive for exploited SharePoint CVE-2026-58644
Public Sector ActionHow related: On Thursday, two days after warning of the risk posed by these SharePoint security defects, CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it within three days, as mandated by BOD 26-04.
About this happening: CISA added CVE-2026-58644 to its KEV catalog and ordered federal agencies to patch it within three days. The directive applies to an exploited Microsoft Shar...
Microsoft SharePoint remote code execution (CVE-2026-45659)
Vulnerability
H score17
First: 26.05.2026 14:49
Last: 26.05.2026 14:49
Sources 1
About this happening:
Microsoft SharePoint CVE-2026-45659 is a remote code execution vulnerability that lets an authenticated attacker with Site Member permissions run code over the...
Microsoft SharePoint remote code execution (CVE-2026-45659)
VulnerabilityAbout this happening: Microsoft SharePoint CVE-2026-45659 is a remote code execution vulnerability that lets an authenticated attacker with Site Member permissions run code over the...
Warlock ransomware post-exploitation tooling upgrades
Malware Activity
H score38
First: 17.03.2026 17:36
Last: 17.03.2026 17:36
Sources 1
About this happening:
The Warlock ransomware group has upgraded its post-exploitation toolset with BYOVD, TightVNC, and Yuze, making intrusions harder to detect and interrupt. In an obs...
Warlock ransomware post-exploitation tooling upgrades
Malware ActivityAbout this happening: The Warlock ransomware group has upgraded its post-exploitation toolset with BYOVD, TightVNC, and Yuze, making intrusions harder to detect and interrupt. In an obs...
CISA FortiWeb remediation order for FCEB agencies
Public Sector Action
H score36
First: 19.11.2025 15:44
Last: 19.11.2025 15:44
Sources 1
About this happening:
CISA ordered U.S. federal civilian agencies to secure FortiWeb within one week after the flaw was exploited in zero-day attacks, sharply raising the urgency for fe...
CISA FortiWeb remediation order for FCEB agencies
Public Sector ActionAbout this happening: CISA ordered U.S. federal civilian agencies to secure FortiWeb within one week after the flaw was exploited in zero-day attacks, sharply raising the urgency for fe...
Timeline
-
17.07.2026 10:15 2 articles · 3h ago
CISA warns of active exploitation of Microsoft SharePoint CVE-2026-58644
Initial DisclosureUS CISA says threat actors are exploiting Microsoft SharePoint CVE-2026-58644, a critical CVSS 9.8 remote code execution flaw described by Microsoft as a deserialization of untrusted data issue and fixed in Microsoft’s July 2026 Patch Tuesday updates. Microsoft says an attacker authenticated as at least a Site Owner can inject and execute code remotely on SharePoint Server, and its advisory now notes that exploitation was detected. CISA added the CVE to the Known Exploited Vulnerabilities catalog and told federal agencies to patch within three days under BOD 26-04.
Show sources
- Fresh SharePoint Vulnerability Exploited Soon After Disclosure — www.securityweek.com — 17.07.2026 10:15
- Fresh SharePoint Vulnerability Exploited Soon After Disclosure — www.securityweek.com — 17.07.2026 10:15