CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
Key Points:
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Microsoft SharePoint Server vulnerability (CVE-2026-58644) with a CVSS score of 9.8 to its Known Exploited Vulnerabilities catalog, mandating Federal Civilian Executive Branch agencies to patch it by July 19, 2026.
- CVE-2026-58644 is a deserialization flaw allowing authenticated attackers with Site Owner privileges to execute arbitrary remote code, and Microsoft confirmed it has been exploited in the wild as a zero-day prior to patch release.
- The vulnerability affects Microsoft SharePoint Server Subscription Edition, 2019, and Enterprise Server 2016, with patches released on July 14, 2026; CISA warned of active exploitation of multiple SharePoint vulnerabilities enabling unauthorized access and malware deployment.
- CISA recommends agencies apply patches promptly, enable Antimalware Scan Interface (AMSI), scan for intrusion artifacts, implement tailored logging, restrict internet exposure, and follow Microsoft's security-hardening guidance to mitigate risks.
- Additionally, CISA added two critical Fortinet FortiSandbox vulnerabilities (CVE-2026-25089 and CVE-2026-39808) to the KEV catalog, requiring federal agencies to update by the same July 19, 2026 deadline due to active exploitation reports.