securityonline.info 7/17/2026, 4:50:58 AM · external

CISA orders urgent patches for SharePoint, FortiSandbox flaws

CISA orders urgent patches for SharePoint, FortiSandbox flaws
Developing story vulnerability 25 articles tracked
Microsoft July 2026 Patch Tuesday addresses multiple SharePoint zero‑day vulnerabilities
CyberSIXT Evidence Panel
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Available

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog as of July 16, 2026. These include two critical vulnerabilities affecting Fortinet FortiSandbox and one affecting Microsoft SharePoint. The federal agencies are required to address these vulnerabilities by July 19, 2026. The vulnerabilities are noted for their high CVSS scores: CVE-2026-58644 for SharePoint scores 9.8, while CVE-2026-25089 and CVE-2026-39808 for FortiSandbox both score 9.1.

The SharePoint vulnerability involves deserialization of untrusted data, allowing attackers to execute unauthorized code, while the FortiSandbox vulnerabilities are related to improper command injection allowing remote command execution. Updates and patches have been issued by both Fortinet and Microsoft. IT professionals are advised to implement these patches immediately.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline