The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added a newly patched safety flaw impacting Microsoft SharePoint Server to its Identified Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Government Department (FCEB) businesses to use the fixes by July 19, 2026.
The vulnerability in query is CVE-2026-58644 (CVSS rating: 9.8), a crucial deserialization of untrusted knowledge vulnerability that permits an unauthorized attacker to execute arbitrary code.
“In a network-based assault, an attacker authenticated as not less than a Website Proprietor, might write arbitrary code to inject and execute code remotely on the SharePoint Server,” Microsoft stated in an advisory launched earlier this week.
Redmond famous that the vulnerability is remotely exploitable over the web, warning that the assault complexity is low for 2 causes –
- An attacker doesn’t require vital prior data of the system
- An attacker can obtain repeatable success with the payload in opposition to the weak element
The vulnerability impacts the next variations –
- Microsoft SharePoint Server Subscription Version
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Enterprise Server 2016
Patches for the flaw have been launched as a part of the Patch Tuesday updates launched on July 14, 2026. Microsoft has since revised its bulletin to make clear that CVE-2026-58644 has been exploited within the wild, that means the shortcoming was weaponized as a zero-day previous to the fixes turning into out there.
The event comes as CISA warned of lively exploitation of a number of SharePoint Server vulnerabilities, together with CVE-2026-32201, CVE-2026-45659, CVE-2026-56164, and CVE-2026-58644, that would allow risk actors to achieve unauthorized entry to on-premises cases.
“These vulnerabilities have an effect on all supported on-premises SharePoint Server variations (Subscription Version, 2019, and 2016) and contain establishing distant code execution (RCE) and post-exploitation actions, akin to stealing Web Info Providers (IIS) machine keys and performing deserialization strategies, to achieve persistence and deploy malware,” the federal cybersecurity watchdog famous.
CISA has outlined the next hardening measures to include the risk –
- Apply the newest patches and safety updates from Microsoft, confirm they’ve been put in efficiently, and shorten patching cycles when doable.
- Confirm that Antimalware Scan Interface (AMSI) integration is enabled for every SharePoint internet utility.
- Scan for and take away intrusion artifacts, together with machine key harvesting instruments, earlier than rotating IIS machine keys to keep away from the theft of the keys.
- Set up tailor-made logging mechanisms to detect and monitor exploitation actions.
- Keep away from exposing SharePoint Servers on to the web until essential.
- Block exterior entry to SharePoint Central Administration, limit farm and database communications to required techniques, and evaluate Microsoft’s SharePoint Server security-hardening steerage for role-specific ports, providers, and Net.config settings.
On Thursday, the company additionally added two crucial safety flaws impacting Fortinet FortiSandbox (CVE-2026-25089 and CVE-2026-39808) to the KEV catalog, following reviews of lively exploitation. Federal businesses have till July 19, 2026, to replace their cases to the newest supported variations.










