The cybersecurity landscape is once again on high alert as threat actors have started leveraging a critical vulnerability in Microsoft SharePoint. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified this as a remote code execution (RCE) flaw, creating significant security concerns for organizations relying on SharePoint.
Details of the SharePoint Vulnerability
Designated as CVE-2026-58644, this vulnerability boasts a CVSS score of 9.8, indicating its severe potential impact. Microsoft addressed this flaw during its July 2026 Patch Tuesday updates, categorizing it as a deserialization of untrusted data issue. According to Microsoft’s security advisory, attackers who authenticate as Site Owners can write and execute arbitrary code remotely on SharePoint Servers.
Microsoft not only rectified this flaw but also resolved other SharePoint security issues. Among them were CVE-2026-56164, previously identified as a zero-day vulnerability, and CVE-2026-55040, a critical security bypass that allows unauthorized file access and data manipulation.
Urgent Actions Recommended by CISA
Initially, CVE-2026-58644 was not flagged as actively exploited. However, following the detection of exploitation activities, Microsoft updated its security advisory and revised the vulnerability’s CVSS score. On Thursday, merely two days after issuing a warning about the SharePoint vulnerabilities, CISA included this CVE in its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are now mandated to apply patches within three days as per Binding Operational Directive (BOD) 26-04.
CISA has also added other vulnerabilities to the KEV list, such as CVE-2026-25089 and CVE-2026-39808, both involving OS command injection flaws in Fortinet FortiSandbox, patched earlier this year. These flaws similarly enable attackers to execute arbitrary code on compromised systems.
Implications and Future Outlook
The ongoing exploitation of these vulnerabilities underscores the critical need for timely security updates. Federal agencies are urged to comply with BOD 26-04 and reinforce their defenses against these threats. The swift addition of these vulnerabilities to the KEV list highlights the importance of proactive cybersecurity measures.
As organizations implement these necessary patches, the focus remains on safeguarding critical infrastructure from potential attacks. Continuous monitoring and adherence to security best practices are essential to mitigate risks associated with such vulnerabilities moving forward.
