A critical remote code execution zero-day vulnerability, CVE-2026-58644, has been added to the Known Exploited Vulnerabilities catalog by the U.S. Cybersecurity and Infrastructure Security Agency, prompting Federal Civilian Executive Branch agencies to patch Microsoft SharePoint Server by July 19, 2026. This vulnerability has a CVSS score of 9.8, indicating a high level of severity. The flaw is a deserialization issue that can be exploited by attackers, allowing them to execute arbitrary code on affected systems. CISA's addition of this vulnerability to the KEV catalog suggests that it is being actively exploited in the wild1. The requirement for agencies to apply fixes by a specific deadline underscores the urgency of addressing this vulnerability. This matters to security practitioners because the exploitation status of CVE-2026-58644 determines whether immediate patching or ongoing monitoring is necessary to prevent potential attacks.