www.securityweek.com 7/17/2026, 7:40:52 AM · external

Critical SharePoint Flaw Exploited, CISA Urges Immediate Patching

Critical SharePoint Flaw Exploited, CISA Urges Immediate Patching
Developing story vulnerability 27 articles tracked
CISA adds multiple vulnerabilities to Known Exploited Vulnerabilities catalogue
CyberSIXT Evidence Panel
Primary Source msrc.microsoft.com
CISA KEV Listed in KEV
Patch Patch Available

THE recent cybersecurity advisory warns of a critical remote code execution vulnerability in Microsoft SharePoint, tracked as CVE-2026-58644, which has been exploited by threat actors. The flaw, associated with deserialization of untrusted data, allows attackers to execute arbitrary code if authenticated as at least a Site Owner. Microsoft has updated its advisory after confirming the exploitation of this vulnerability, which has a CVSS score of 9.8. The U.S.

Cybersecurity and Infrastructure Security Agency (CISA) added this to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch it within three days. Additionally, two other critical OS command injection flaws in Fortinet FortiSandbox were also added to the KEV list, prompting similar urgent action for patches.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline