Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
New SharePoint Security Gap Exploited After Disclosure

New SharePoint Security Gap Exploited After Disclosure

Posted on July 17, 2026 By CWS

The cybersecurity landscape is once again on high alert as threat actors have started leveraging a critical vulnerability in Microsoft SharePoint. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified this as a remote code execution (RCE) flaw, creating significant security concerns for organizations relying on SharePoint.

Details of the SharePoint Vulnerability

Designated as CVE-2026-58644, this vulnerability boasts a CVSS score of 9.8, indicating its severe potential impact. Microsoft addressed this flaw during its July 2026 Patch Tuesday updates, categorizing it as a deserialization of untrusted data issue. According to Microsoft’s security advisory, attackers who authenticate as Site Owners can write and execute arbitrary code remotely on SharePoint Servers.

Microsoft not only rectified this flaw but also resolved other SharePoint security issues. Among them were CVE-2026-56164, previously identified as a zero-day vulnerability, and CVE-2026-55040, a critical security bypass that allows unauthorized file access and data manipulation.

Urgent Actions Recommended by CISA

Initially, CVE-2026-58644 was not flagged as actively exploited. However, following the detection of exploitation activities, Microsoft updated its security advisory and revised the vulnerability’s CVSS score. On Thursday, merely two days after issuing a warning about the SharePoint vulnerabilities, CISA included this CVE in its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are now mandated to apply patches within three days as per Binding Operational Directive (BOD) 26-04.

CISA has also added other vulnerabilities to the KEV list, such as CVE-2026-25089 and CVE-2026-39808, both involving OS command injection flaws in Fortinet FortiSandbox, patched earlier this year. These flaws similarly enable attackers to execute arbitrary code on compromised systems.

Implications and Future Outlook

The ongoing exploitation of these vulnerabilities underscores the critical need for timely security updates. Federal agencies are urged to comply with BOD 26-04 and reinforce their defenses against these threats. The swift addition of these vulnerabilities to the KEV list highlights the importance of proactive cybersecurity measures.

As organizations implement these necessary patches, the focus remains on safeguarding critical infrastructure from potential attacks. Continuous monitoring and adherence to security best practices are essential to mitigate risks associated with such vulnerabilities moving forward.

Security Week News Tags:CISA, CVE-2026-58644, Cybersecurity, Exploit, Microsoft, Patch Tuesday, remote code execution, security patch, SharePoint, Vulnerability

Post navigation

Previous Post: CISA Highlights Exploited SharePoint Vulnerability
Next Post: CISA Alerts on Critical Fortinet Vulnerabilities

Related Posts

Dozens of Major Data Breaches Linked to Single Threat Actor Dozens of Major Data Breaches Linked to Single Threat Actor Security Week News
Airrived Secures .1 Million for AI-Powered Operations Airrived Secures $6.1 Million for AI-Powered Operations Security Week News
AI Vulnerability Tool Disrupts Cybersecurity Market AI Vulnerability Tool Disrupts Cybersecurity Market Security Week News
Hacker Claims Theft of 40 Million Condé Nast Records After Wired Data Leak Hacker Claims Theft of 40 Million Condé Nast Records After Wired Data Leak Security Week News
Webinar Today: Fact vs. Fiction – The Truth About API Security Webinar Today: Fact vs. Fiction – The Truth About API Security Security Week News
LevelBlue to Acquire Trustwave to Create Major MSSP LevelBlue to Acquire Trustwave to Create Major MSSP Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Risk Ledger Secures $32M in Series B Funding
  • CISA Alerts on Critical Fortinet Vulnerabilities
  • New SharePoint Security Gap Exploited After Disclosure
  • CISA Highlights Exploited SharePoint Vulnerability
  • Coca-Cola Halts Fairlife Production Following Cyber Attack

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Risk Ledger Secures $32M in Series B Funding
  • CISA Alerts on Critical Fortinet Vulnerabilities
  • New SharePoint Security Gap Exploited After Disclosure
  • CISA Highlights Exploited SharePoint Vulnerability
  • Coca-Cola Halts Fairlife Production Following Cyber Attack

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark