CVE-2026-58644
Microsoft SharePoint Remote Code Execution Vulnerability
Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
In plain language
AI Act nowCVE-2026-58644 is a SharePoint flaw that lets an attacker run malicious code on your server over the network without any login—if you use affected SharePoint versions, you should treat it as urgent to update.
CVE-2026-58644 is an unauthenticated remote code execution in Microsoft SharePoint caused by unsafe deserialization of attacker-controlled network input, allowing arbitrary code execution on the SharePoint server.
What to do now
- Check whether your Microsoft SharePoint is one of these affected versions: SharePoint Enterprise Server 2016, SharePoint Server 2019, or SharePoint Server Subscription Edition.
- Identify your current SharePoint build/version number from your server’s SharePoint “About”/version page.
- Compare your build to the fixed builds, and upgrade to at least one of these fixed versions: 16.0.5556.1005 (Enterprise Server 2016), 16.0.10417.20153 (Server 2019), or 16.0.19725.20384 (Subscription Edition).
- If you cannot update immediately, restrict network access to the SharePoint server (especially from the internet) and ensure only required internal networks/users can reach it until the update is applied.
- After updating, re-check the SharePoint build/version to confirm it matches or is newer than the fixed version you installed.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
3 techniquesReferences
- CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilitiesen-us·SecurityWeek· Summary only·
- Цунами уязвимостей: июльский Microsoft Patch Tuesdayru-ru·Kaspersky Daily (RU)· Summary only·
- AI-driven bug hunting fuels record Microsoft Patch Tuesdayen-us·Help Net Security·
- CISA warns admins to patch actively exploited SharePoint flawsen-us·BleepingComputer·
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-58644 and every CVE in our database. Create a free account — no credit card required.
Create Free Account