All incidents

Microsoft July 2026 Patch Tuesday addresses multiple SharePoint zero‑day vulnerabilities

vulnerabilityopenJun 10, 2026 — Jul 17, 2026
Microsoft July 2026 Patch Tuesday addresses multiple SharePoint zero‑day vulnerabilities

MICROSOFT released updates via its July 2026 Patch Tuesday addressing several zero‑day flaws in SharePoint that are already being exploited in the wild. The same update cycle also includes fixes for critical command injection vulnerabilities in Fortinet FortiSandbox and a severe blind SSRF issue in Red Hat OpenShift AI. Administrators across sectors are urged to review the advisories and apply the relevant patches without delay.

The most severe SharePoint bug is tracked as CVE‑2026‑58644, which scores 9.8 on the CVSS scale and stems from insecure deserialization of untrusted data, allowing remote code execution with privileged rights. Microsoft has published a patch that resolves the flaw and recommends immediate installation. Two FortiSandbox vulnerabilities, CVE‑2026‑25089 and CVE‑2026‑39808, each carry a CVSS rating of 9.1 and arise from improper handling of user input that leads to OS command injection; Fortinet has issued updates detailed in advisory FG‑IR‑26‑141 and advisory FG‑IR‑26‑100.

Red Hat has disclosed a critical blind SSRF vulnerability in its OpenShift AI component, identified as CVE‑2026‑15378 with a CVSS score of 9.3. The flaw permits an unauthenticated attacker to craft requests that read arbitrary local files on the host, potentially exposing sensitive configuration data and credentials. While a patch is still pending, Red Hat advises organisations to enforce strict egress controls and monitor outbound traffic until an update becomes available.

The Cybersecurity and Infrastructure Security Agency added all three exploits to its Known Exploited Vulnerabilities catalogue on 16 July 2026, noting active exploitation in the wild. Federal agencies must apply the fixes for CVE‑2026‑58644, CVE‑2026‑25089 and CVE‑2026‑39808 by 19 July 2026 in line with Binding Operational Directive 26‑04. The catalogue entries contain links to the respective vendor advisories and mitigation guidance.

Defence teams should begin by installing the Microsoft SharePoint update released as part of the July Patch Tuesday cycle, then verify that Fortinet FortiSandbox appliances are running the latest firmware referenced in FG‑IR‑26‑141 and FG‑IR‑26‑100. For OpenShift AI environments, implement network egress filtering to block unauthorized outbound connections and review logs for unexpected file access attempts.

Where possible, segregate vulnerable systems from untrusted networks and apply the principle of least privilege to service accounts. Regular vulnerability scanning will help confirm that the mitigations are effective and that no remnants of the flaws remain.

Finally, maintain an accurate inventory of all SharePoint servers, FortiSandbox units and OpenShift AI instances, and test patches in a controlled setting before broad deployment. Subscribe to vendor security mailing lists and CISA alerts to stay informed of any follow‑up advisories. By combining timely patching with diligent monitoring and network segmentation, organisations can reduce the risk posed by these actively exploited zero‑day vulnerabilities.

Intelligence briefing updated Jul 17, 2026

CVE-2026-10520 10.0 KEV CVE-2026-58644 9.8 KEV CVE-2026-15378 9.3 CVE-2026-25089 9.1 KEV CVE-2026-39808 9.1 KEV CVE-2026-39813 9.1 CVE-2026-55040 9.1 CVE-2026-56155 7.8 KEV CVE-2026-50661 6.1 CVE-2026-56164 5.3 KEV
Root sourcemsrc.microsoft.com
Timeline Coverage

Swipe to explore timeline