ON July 14, 2026, Microsoft reported CVE-2026-58644, a critical unauthenticated remote code execution vulnerability in SharePoint Server with a CVSS score of 9.8. It affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and Subscription Edition. The vulnerability is exploited via deserialization of untrusted data, enabling attackers to execute arbitrary code.
Microsoft confirmed active exploitation and recommended immediate security updates and monitoring through Microsoft Defender and AMSI detections for exploitation attempts. Organizations are urged to apply patches, verify update success, and initiate incident response if exploitation is detected. Rapid7's tools can help assess exposure to this vulnerability.