Deserialization Vulnerability in Microsoft Office SharePoint
CVE-2026-58644
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 14 July 2026
Badges
What is CVE-2026-58644?
CVE-2026-58644 is a serious deserialization vulnerability affecting Microsoft Office SharePoint, a widely used collaboration platform that enables organizations to manage content, knowledge, and applications across teams. This vulnerability arises from the improper handling of untrusted data during the deserialization process, which can be manipulated by an unauthorized attacker. If exploited, this flaw allows attackers to execute arbitrary code over a network. The implications for organizations are significant, as successful exploitation could lead to unauthorized execution of malicious code, compromising system integrity, access to sensitive information, and potentially enabling further attacks within the affected environment.
Potential impact of CVE-2026-58644
-
Remote Code Execution: Exploitation of this vulnerability grants attackers the ability to run arbitrary code on affected systems. This can enable them to take control of crucial SharePoint environments, leading to severe security breaches.
-
Data Compromise: Attackers can exploit this vulnerability to access, modify, or exfiltrate sensitive data stored within SharePoint. The resulting data breaches can have legal, regulatory, and reputational consequences for organizations.
-
Network Propagation: Once an attacker gains a foothold via this vulnerability, they can leverage it to move laterally within the network. This could facilitate further exploits or the deployment of additional malware, amplifying the overall impact on the organization’s cybersecurity posture.
CISA has reported CVE-2026-58644
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-58644 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5556.1005
Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20153
Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.19725.20384
News Articles
CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in Attacks - IT Security News
CISA has added a critical Microsoft SharePoint vulnerability, tracked as CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. This addition comes with a warning that attackers are actively exploiting the flaw in real-world attacks. The vulnerability stems from a weakness…Read more →
2 days ago
CISA Warns of Microsoft SharePoint Code Execution Vulnerability Exploited in Attacks
CISA warns of active exploitation after adding Microsoft SharePoint flaw CVE-2026-58644 to its KEV Catalog.
2 days ago

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
CISA says SharePoint CVE-2026-58644 was exploited before Microsoft patched it, affecting all supported on-premises versions and enabling RCE.
2 days ago
References
CVSS V3.1
Timeline
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 📰
First article discovered by Securityweek
- 🦅
CISA Reported
Vulnerability published
Vulnerability Reserved