Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft SharePoint deserialization RCE (CVE-2026-58644)

Vulnerability
First reported
Last updated
Happening score
H score 48
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft SharePoint CVE-2026-58644 is a critical RCE now confirmed actively exploited in the wild, exposing SharePoint Server to remote code execution. Microsoft fixed the flaw in July 2026 Patch Tuesday after describing it as a deserialization of untrusted data issue. CISA added it to the KEV catalog and ordered federal agencies to patch it within three days.

Related Happenings

CISA KEV directive for exploited SharePoint CVE-2026-58644

Public Sector Action
H score38 First: 17.07.2026 10:15 Last: 17.07.2026 10:15 Sources 1

How related: On Thursday, two days after warning of the risk posed by these SharePoint security defects, CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it within three days, as mandated by BOD 26-04.

About this happening: CISA added CVE-2026-58644 to its KEV catalog and ordered federal agencies to patch it within three days. The directive applies to an exploited Microsoft Shar...

Microsoft SharePoint remote code execution (CVE-2026-45659)

Vulnerability
H score17 First: 26.05.2026 14:49 Last: 26.05.2026 14:49 Sources 1

About this happening: Microsoft SharePoint CVE-2026-45659 is a remote code execution vulnerability that lets an authenticated attacker with Site Member permissions run code over the...

Warlock ransomware post-exploitation tooling upgrades

Malware Activity
H score38 First: 17.03.2026 17:36 Last: 17.03.2026 17:36 Sources 1

About this happening: The Warlock ransomware group has upgraded its post-exploitation toolset with BYOVD, TightVNC, and Yuze, making intrusions harder to detect and interrupt. In an obs...

CISA FortiWeb remediation order for FCEB agencies

Public Sector Action
H score36 First: 19.11.2025 15:44 Last: 19.11.2025 15:44 Sources 1

About this happening: CISA ordered U.S. federal civilian agencies to secure FortiWeb within one week after the flaw was exploited in zero-day attacks, sharply raising the urgency for fe...

Timeline

  1. 17.07.2026 10:15 2 articles · 3h ago

    CISA warns of active exploitation of Microsoft SharePoint CVE-2026-58644

    Initial Disclosure

    US CISA says threat actors are exploiting Microsoft SharePoint CVE-2026-58644, a critical CVSS 9.8 remote code execution flaw described by Microsoft as a deserialization of untrusted data issue and fixed in Microsoft’s July 2026 Patch Tuesday updates. Microsoft says an attacker authenticated as at least a Site Owner can inject and execute code remotely on SharePoint Server, and its advisory now notes that exploitation was detected. CISA added the CVE to the Known Exploited Vulnerabilities catalog and told federal agencies to patch within three days under BOD 26-04.

    Show sources