Security · 2h ago
CISA Flags Critical SharePoint Zero-Day as Actively Exploited
CISA added a critical SharePoint Server remote code execution flaw, CVE-2026-58644 (CVSS 9.8), to its KEV catalog, ordering federal agencies to patch by July 19, 2026. The deserialization vulnerability is actively exploited in attacks. Microsoft released a fix in the latest Patch Tuesday update.
Meridian48 take
While CISA's KEV listing is routine, the CVSS 9.8 score and active exploitation underscore that SharePoint remains a high-value, frequently targeted enterprise attack surface.
Read the full reporting
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV →
The Hacker News
cisasharepoint