# CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

_Thursday, July 16, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV — Primary](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH1X7ZnvKsW37BBvjNfEzT4Imh9ZIRL4_2W1JaNVe_MyO3Q5H1MPsET-SASqznhlfOExRrLj4-6NzhgvGi76w4U5tSmlM-pJLIqO5jF3g9G1DR_FNhuwcatBFb8ARvD4PPMiQvMCFiTlEOlc13nQbQqCn5ZHf1J2ZOqDeG3_pmBiQ92hTfMErJKcjKbNtZ/s1700-e365/sharepoint-cisa.jpg)

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to apply the fixes by July 19, 2026. The vulnerability is CVE-2026-58644, a critical deserialization of untrusted data vulnerability with a CVSS score of 9.8 that allows an unauthorized attacker to execute arbitrary code. Microsoft said in an advisory released earlier this week that in a network-based attack an attacker authenticated as at least a Site Owner could write arbitrary code to inject and execute code remotely on the SharePoint Server. The company noted the vulnerability is remotely exploitable over the internet with low attack complexity. The flaw impacts Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Enterprise Server 2016. Patches were released as part of Patch Tuesday updates on July 14, 2026. Microsoft has revised its bulletin to clarify that CVE-2026-58644 has been exploited in the wild as a zero-day prior to fixes becoming available. CISA warned of active exploitation of multiple SharePoint Server vulnerabilities that could enable threat actors to gain unauthorized access to on-premises instances. The agency outlined hardening measures including applying latest patches, verifying Antimalware Scan Interface integration, scanning for intrusion artifacts, establishing logging mechanisms, and avoiding exposing SharePoint Servers directly to the internet. On Thursday the agency also added two critical security flaws impacting Fortinet FortiSandbox to the KEV catalog.

## Sources

- [The Hacker News](https://thehackernews.com/2026/07/cisa-adds-exploited-sharepoint-rce-zero.html)

---
Canonical: https://techandbusiness.org/newswire/XKgdMK8StTTwoBiMgIvIw9
Retrieved: 2026-07-17T12:38:34.941Z
Publisher: Tech & Business (techandbusiness.org)
