www.rapid7.com 7/17/2026, 8:27:15 PM · external

Attackers exploit Critical SharePoint RCE flaw CVE-2026-58644

Attackers exploit Critical SharePoint RCE flaw CVE-2026-58644
CyberSIXT Evidence Panel
Primary Source msrc.microsoft.com
CISA KEV Listed in KEV
Patch Patch Available

ON July 14, 2026, Microsoft reported CVE-2026-58644, a critical unauthenticated remote code execution vulnerability in SharePoint Server with a CVSS score of 9.8. It affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and Subscription Edition. The vulnerability is exploited via deserialization of untrusted data, enabling attackers to execute arbitrary code.

Microsoft confirmed active exploitation and recommended immediate security updates and monitoring through Microsoft Defender and AMSI detections for exploitation attempts. Organizations are urged to apply patches, verify update success, and initiate incident response if exploitation is detected. Rapid7's tools can help assess exposure to this vulnerability.

View Primary Source Via www.rapid7.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline