CISA KEV Alert 7/16/2026, 5:37:01 PM

CISA Adds Critical SharePoint Flaw CVE-2026-58644 to KEV

Developing story vulnerability 10 articles tracked
Microsoft July 2026 Patch Tuesday addresses multiple SharePoint zero‑day vulnerabilities
CyberSIXT Evidence Panel Source marked as original reporting
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Available

CISA has added CVE-2026-58644 to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw affects Microsoft SharePoint and is named Microsoft SharePoint Deserialization of Untrusted Data Vulnerability. It allows an unauthenticated attacker to execute arbitrary code over the network.

The vulnerability is a deserialization of untrusted data issue. Successful exploitation leads to remote code execution on the affected SharePoint server. The attack vector is network‑based and requires no user interaction. The Common Vulnerability Scoring System assigns it a score of 9.8, rating it as critical. Microsoft has released a security update that addresses the flaw.

CISA’s inclusion in the KEV list confirms that the vulnerability is being actively exploited in the wild. No public reports link this CVE to ransomware campaigns at this time. Federal Civilian Executive Branch (FCEB) agencies must apply the required mitigations by 19 July 2026, the remediation deadline set by CISA. The remediation deadline of 19 July 2026 is less than 72 hours after the CVE’s addition to the KEV list.

CISA directs FCEB agencies to apply mitigations in line with vendor instructions while complying with Binding Operational Directive (BOD) 26‑04, Prioritizing Security Updates Based on Risk, and the associated Forensics Triage Requirements. For cloud‑based SharePoint instances, agencies should follow the BOD 26‑04 guidance for cloud services or discontinue use if mitigations cannot be applied.

All organisations are advised to review their SharePoint exposure, verify internet‑facing instances, and ensure adherence to BOD 26‑04 patching timelines.

For complete technical details, consult the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-58644 and the CISA KEV catalogue.

View CISA KEV Entry

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline