CISA has added CVE-2026-58644 to its Known Exploited Vulnerabilities catalog after the flaw entered active exploitation in the wild. The vulnerability affects Microsoft SharePoint Server with a critical CVSS score of 9.8, indicating severe risk to organizations running vulnerable instances.
The flaw stems from a deserialization vulnerability in SharePoint Server. Deserialization attacks allow attackers to execute arbitrary code by manipulating how applications process serialized data. This particular vulnerability enables remote code execution without requiring authentication, making it especially dangerous. Attackers can gain direct control over SharePoint servers simply by sending malicious requests.
CISA's inclusion on the KEV catalog indicates confirmed active exploitation. This formal listing requires all Federal Civilian Executive Branch agencies to patch systems by July 19, 2026. Private sector organizations should treat this deadline as a baseline and prioritize patching immediately, given the vulnerability's exploitability and the high probability of targeted attacks.
Microsoft has released patches to address CVE-2026-58644. Organizations running SharePoint Server 2019, 2016, or earlier versions face the highest risk. The vulnerability allows attackers to bypass security controls entirely, potentially leading to data theft, lateral movement within networks, or complete system compromise.
For organizations unable to patch immediately, temporary mitigations include restricting network access to SharePoint servers, disabling unnecessary features, and monitoring for suspicious deserialization attempts. However, these measures provide only partial protection against determined attackers.
The inclusion on CISA's KEV catalog signals that threat actors actively exploit this vulnerability. Organizations should assume adversaries have functional exploit code and are systematically targeting unpatched systems. This transforms CVE-2026-58644 from a theoretical risk into an immediate operational threat.
SharePoint's central role in enterprise environments makes this vulnerability particularly damaging. Compromised Share
