A critical remote code execution zero-day vulnerability, CVE-2026-58644, has been added to the Known Exploited Vulnerabilities catalog by the U.S. Cybersecurity and Infrastructure Security Agency, prompting Federal Civilian Executive Branch agencies to patch Microsoft SharePoint Server by July 19, 2026. This vulnerability has a CVSS score of 9.8, indicating a high level of severity. The flaw is a deserialization issue that can be exploited by attackers, allowing them to execute arbitrary code on affected systems. CISA's addition of this vulnerability to the KEV catalog suggests that it is being actively exploited in the wild1. The requirement for agencies to apply fixes by a specific deadline underscores the urgency of addressing this vulnerability. This matters to security practitioners because the exploitation status of CVE-2026-58644 determines whether immediate patching or ongoing monitoring is necessary to prevent potential attacks.
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
⚠️ Critical Alert
Why This Matters
CVE-2026-58644 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, July 17). CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV. *The Hacker News*. https://thehackernews.com/2026/07/cisa-adds-exploited-sharepoint-rce-zero.html
Original Source
The Hacker News
Read original →