CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical remote code execution (RCE) vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog on Thursday. The flaw was recently patched by Microsoft but is already being actively exploited in the wild. CISA's KEV designation means all federal civilian executive branch agencies must apply the fix by a specified deadline. The vulnerability allows an unauthenticated attacker to execute arbitrary code on affected SharePoint servers. Organizations using SharePoint Server are urged to apply the latest security updates immediately. This is part of CISA's ongoing effort to prioritize remediation of actively exploited vulnerabilities.
Global Impact
This vulnerability has significant cybersecurity implications. Active exploitation means threat actors are already using it to breach networks, likely for data theft, ransomware deployment, or persistent access.