CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
AI Generated Image

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

The Hacker News technology

Key Points:

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Microsoft SharePoint Server vulnerability (CVE-2026-58644) with a CVSS score of 9.8 to its Known Exploited Vulnerabilities catalog, mandating Federal Civilian Executive Branch agencies to patch it by July 19, 2026.
  • CVE-2026-58644 is a deserialization flaw allowing authenticated attackers with Site Owner privileges to execute arbitrary remote code, and Microsoft confirmed it has been exploited in the wild as a zero-day prior to patch release.
  • The vulnerability affects Microsoft SharePoint Server Subscription Edition, 2019, and Enterprise Server 2016, with patches released on July 14, 2026; CISA warned of active exploitation of multiple SharePoint vulnerabilities enabling unauthorized access and malware deployment.
  • CISA recommends agencies apply patches promptly, enable Antimalware Scan Interface (AMSI), scan for intrusion artifacts, implement tailored logging, restrict internet exposure, and follow Microsoft's security-hardening guidance to mitigate risks.
  • Additionally, CISA added two critical Fortinet FortiSandbox vulnerabilities (CVE-2026-25089 and CVE-2026-39808) to the KEV catalog, requiring federal agencies to update by the same July 19, 2026 deadline due to active exploitation reports.

Trending Business

Trending Technology

Trending Health