BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

CISA Adds Critical Microsoft SharePoint Flaw CVE-2026-58644 to KEV Catalog

CISA warns of active exploitation of critical SharePoint RCE flaw CVE-2026-58644.

  • CISA added a critical Microsoft SharePoint Server vulnerability, CVE-2026-58644, to its Known Exploited Vulnerabilities catalog.
  • The flaw allows unauthenticated remote code execution and has been exploited in the wild as a zero-day.
  • Federal agencies must apply patches by July 19, 2026, while CISA also warned of active exploitation of three other SharePoint Server vulnerabilities.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to apply fixes by July 19, 2026. The vulnerability, tracked as CVE-2026-58644, carries a CVSS score of 9.8 and involves a critical deserialization of untrusted data issue that allows an unauthorized attacker to execute arbitrary code.

- Advertisement -

Microsoft noted that an attacker authenticated as at least a Site Owner could, “write arbitrary code to inject and execute code remotely on the SharePoint Server.” The tech giant further explained that the attack complexity is low because an attacker requires no significant prior knowledge of the system and can achieve repeatable success with a payload.

The vulnerability impacts Microsoft SharePoint Server Subscription Edition, 2019, and Enterprise Server 2016. Patches for the flaw were released as part of the July 14, 2026 Patch Tuesday updates, and Microsoft has since revised its advisory to confirm exploitation in the wild. Consequently, CISA also warned of active exploitation across multiple SharePoint Server vulnerabilities, including CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, which threaten all supported on-premises versions.

The federal watchdog outlined that these vulnerabilities facilitate remote code execution and post-exploitation activities, such as stealing IIS machine keys to gain persistence and deploy malware. CISA has issued hardening measures including applying the latest patches, ensuring Antimalware Scan Interface integration is enabled, rotating IIS machine keys after scanning for intrusion artifacts, and avoiding direct internet exposure of SharePoint Servers. Meanwhile, the agency also added two critical flaws impacting Fortinet FortiSandbox to the KEV catalog following reports of active exploitation.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Bitcoin Bears Strike Again: BTC Rejected at $64k

Bitcoin (BTC) faced another rejection at the $64,000 resistance level, falling 1.7% in the...

Black: SpaceX acquiring Tesla would dilute shareholders 25%

Gary Black rejected speculation that SpaceX could acquire Tesla, warning such a deal could...

Bybit launches Indonesia platform after acquiring NOBI

Bybit launched a locally operated platform in Indonesia after acquiring a majority stake in...

Bitcoin Futures Liquidity Drives Price Action Near Key $64K Level

Bitcoin's short-term price action is increasingly driven by futures market activity, with prices gravitating...

Hacker leaks Suno source code, confirms massive music scraping

A Hacker using the Shai-Hulud worm breached AI music platform Suno and leaked source...

Must Read

Are Cryptocurrency Securities?

TL;DR - Cryptocurrencies are not typically considered securities, as they are decentralized digital assets that operate independently of any central authority or government. However,...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading