Deserialization Vulnerability in Microsoft Office SharePoint
CVE-2026-58644

9.8CRITICAL

Key Information:

Badges

🔥 Trending now📈 Trended📈 Score: 2,090👾 Exploit Exists🦅 CISA Reported📰 News Worthy

What is CVE-2026-58644?

CVE-2026-58644 is a serious deserialization vulnerability affecting Microsoft Office SharePoint, a widely used collaboration platform that enables organizations to manage content, knowledge, and applications across teams. This vulnerability arises from the improper handling of untrusted data during the deserialization process, which can be manipulated by an unauthorized attacker. If exploited, this flaw allows attackers to execute arbitrary code over a network. The implications for organizations are significant, as successful exploitation could lead to unauthorized execution of malicious code, compromising system integrity, access to sensitive information, and potentially enabling further attacks within the affected environment.

Potential impact of CVE-2026-58644

  1. Remote Code Execution: Exploitation of this vulnerability grants attackers the ability to run arbitrary code on affected systems. This can enable them to take control of crucial SharePoint environments, leading to severe security breaches.

  2. Data Compromise: Attackers can exploit this vulnerability to access, modify, or exfiltrate sensitive data stored within SharePoint. The resulting data breaches can have legal, regulatory, and reputational consequences for organizations.

  3. Network Propagation: Once an attacker gains a foothold via this vulnerability, they can leverage it to move laterally within the network. This could facilitate further exploits or the deployment of additional malware, amplifying the overall impact on the organization’s cybersecurity posture.

CISA has reported CVE-2026-58644

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-58644 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5556.1005

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20153

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.19725.20384

News Articles

CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in Attacks - IT Security News

CISA has added a critical Microsoft SharePoint vulnerability, tracked as CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. This addition comes with a warning that attackers are actively exploiting the flaw in real-world attacks. The vulnerability stems from a weakness…Read more →

2 days ago

CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in Attacks

CISA warns of active exploitation after adding Microsoft SharePoint flaw CVE-2026-58644 to its KEV Catalog.

2 days ago

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

CISA says SharePoint CVE-2026-58644 was exploited before Microsoft patched it, affecting all supported on-premises versions and enabling RCE.

2 days ago

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Securityweek

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.