Advertisement
Security

CISA Adds Actively Exploited Microsoft SharePoint Flaw to KEV Catalog

A deserialization vulnerability in Microsoft SharePoint is currently being exploited in the wild, prompting an urgent remediation deadline for federal agencies.

··1 hour ago·1 min read
man siting facing laptop
Photo by Clint Patterson on Unsplash
Advertisement

CISA has added CVE-2026-58644, a deserialization of untrusted data vulnerability (CWE-502) affecting Microsoft SharePoint, to its Known Exploited Vulnerabilities catalog. This security flaw allows an unauthorized attacker to execute code over a network, posing a significant risk to affected environments.

Because the vulnerability is being actively exploited in real-world attacks, federal agencies are required to apply vendor-provided mitigations by July 19, 2026. Organizations must follow CISA's BOD 26-04 guidance, which includes evaluating internet exposure and adhering to specific forensics triage requirements.

#cve-2026-58644#microsoft#sharepoint#deserialization#cisa

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement