Advertisement
Security

CISA Adds Microsoft SharePoint Deserialization Flaw to KEV Catalog

A critical deserialization vulnerability in Microsoft SharePoint is currently being exploited in the wild, requiring immediate action from federal agencies.

··1 hour ago·1 min read
a bunch of blue wires connected to each other
Photo by Scott Rodgerson on Unsplash
Advertisement

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-58644 to its Known Exploited Vulnerabilities catalog. This flaw, identified as a deserialization of untrusted data vulnerability (CWE-502), allows an unauthorized attacker to execute code over a network.

CISA has confirmed that this vulnerability is being actively exploited in real-world scenarios. Federal agencies are required to apply necessary mitigations by July 19, 2026, in accordance with BOD 26-04. Stakeholders should evaluate the internet exposure of their assets and follow vendor instructions to secure their environments, or discontinue use of the product if mitigations are unavailable.

#cve-2026-58644#microsoft#sharepoint#cisa#vulnerability

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement