Neat Digest  ·  Archive  ·  Open in app ↗

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

Score 2.0/10 · 1 sources · July 17, 2026
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical remote code execution (RCE) vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog on Thursday. The flaw was recently patched by Microsoft but is already being actively exploited in the wild. CISA's KEV designation means all federal civilian executive branch agencies must apply the fix by a specified deadline. The vulnerability allows an unauthenticated attacker to execute arbitrary code on affected SharePoint servers. Organizations using SharePoint Server are urged to apply the latest security updates immediately. This is part of CISA's ongoing effort to prioritize remediation of actively exploited vulnerabilities.

Global Impact

This vulnerability has significant cybersecurity implications. Active exploitation means threat actors are already using it to breach networks, likely for data theft, ransomware deployment, or persistent access.