A critical remote code execution vulnerability, designated as CVE-2026-58644, has been discovered in Microsoft SharePoint Server, allowing unauthenticated attackers to execute arbitrary code with a CVSS v3.1 score of 9.8. This vulnerability arises from the deserialization of untrusted data and has been confirmed by Microsoft to be actively exploited in the wild1. As a result, it has been added to the CISA's Known Exploited Vulnerabilities catalog, prompting concerns about the need for immediate patching. The vulnerability affects on-premises Microsoft SharePoint Server deployments, and its exploitation status suggests that it should be treated as a high-priority threat. Given the severity of this vulnerability and its active exploitation, practitioners should prioritize patching their Microsoft SharePoint Server deployments to prevent potential attacks. This vulnerability's exploitation in the wild underscores the importance of timely patch management to prevent remote code execution attacks.
CVE-2026-58644: Microsoft SharePoint Server Unauthenticated Remote Code Execution Vulnerability Exploited in the Wild
⚠️ Critical Alert
Why This Matters
CVE-2026-58644 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- Rapid7. (2026, July 17). CVE-2026-58644: Microsoft SharePoint Server Unauthenticated Remote Code Execution Vulnerability Exploited in the Wild. Rapid7 Blog. https://www.rapid7.com/blog/post/etr-cve-2026-58644-microsoft-sharepoint-server-unauthenticated-remote-code-execution-vulnerability-exploited-in-the-wild
Original Source
Rapid7 Blog
Read original →