CISA Adds Microsoft SharePoint Deserialization Flaw to KEV Catalog
A critical deserialization vulnerability in Microsoft SharePoint is currently being exploited in the wild, requiring immediate action from federal agencies.
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-58644 to its Known Exploited Vulnerabilities catalog. This flaw, identified as a deserialization of untrusted data vulnerability (CWE-502), allows an unauthorized attacker to execute code over a network.
CISA has confirmed that this vulnerability is being actively exploited in real-world scenarios. Federal agencies are required to apply necessary mitigations by July 19, 2026, in accordance with BOD 26-04. Stakeholders should evaluate the internet exposure of their assets and follow vendor instructions to secure their environments, or discontinue use of the product if mitigations are unavailable.
Continue Reading
n8n Flaw Risks Multi-Issuer Hijacking
A critical identity-binding vulnerability in n8n's token exchange process allowed unauthorized account access across trusted issuers.
AI Agents Vulnerable to Data Injection
A new research paper details how 'probabilistic delimiter injection' allows attackers to bypass AI safety guards with fake data.
Critical Unauthenticated Access Flaw Found in Grafana OnCall
A critical vulnerability in Grafana OnCall allows unauthenticated remote attackers to gain full administrative access via hardcoded default identifiers.