CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

Summary

CISA has added a critical SharePoint Server remote code execution (RCE) vulnerability, CVE-2026-58644, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are mandated to apply the necessary patches by July 19, 2026.

IFF Assessment

FOE

The addition of a critical, exploited vulnerability to CISA's KEV catalog signifies an active threat to systems, making it bad news for defenders who must prioritize remediation.

Severity

9.8 Critical

The CVSS score of 9.8 indicates a critical severity, likely due to a high attack vector, high impact on confidentiality, integrity, and availability, and exploitability factors that make it readily exploitable.

CISA KEV: Listed as actively exploited. Federal patch due: July 19, 2026. Known ransomware use: Unknown.

Defender Context

Defenders should be aware of this critical SharePoint RCE vulnerability and ensure timely patching, especially if operating within or connected to environments subject to CISA's FCEB directives. The inclusion on the KEV catalog implies active exploitation, necessitating prompt threat hunting and mitigation efforts.

Read Full Story →