Close Menu
    What's Hot

    Connor Wickham exclusive: Former Sunderland, Crystal Palace striker discusses the reality of 18 months without a club | Football News

    Philippines Condemns AI Video Posted by Chinese State Media Depicting It as a Monkey

    How Andy Burnham, ‘King of the North,’ Conquered U.K. Politics

    Facebook X (Twitter) Instagram
    Trending
    • Connor Wickham exclusive: Former Sunderland, Crystal Palace striker discusses the reality of 18 months without a club | Football News
    • Philippines Condemns AI Video Posted by Chinese State Media Depicting It as a Monkey
    • How Andy Burnham, ‘King of the North,’ Conquered U.K. Politics
    • India eyes market comeback with $1bn IPO for SBI Funds Management
    • Monopar Stock: A Rare Disease Asset With Heavy-Metal Upside (Initiating Buy) (NASDAQ:MNPR)
    • CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
    • Mid-career and feeling stuck? Here’s how to reclaim your value
    • Trump Released Documents on China and the 2020 Election. Here’s What We Know.
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

    adminBy adminJuly 17, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananJul 17, 2026Vulnerability / Enterprise Security

    CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026.

    The vulnerability in question is CVE-2026-58644 (CVSS score: 9.8), a critical deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute arbitrary code.

    “In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server,” Microsoft said in an advisory released earlier this week.

    Redmond noted that the vulnerability is remotely exploitable over the internet, warning that the attack complexity is low for two reasons –

    • An attacker does not require significant prior knowledge of the system
    • An attacker can achieve repeatable success with the payload against the vulnerable component

    The vulnerability impacts the following versions –

    • Microsoft SharePoint Server Subscription Edition
    • Microsoft SharePoint Server 2019
    • Microsoft SharePoint Enterprise Server 2016

    Patches for the flaw have been released as part of the Patch Tuesday updates released on July 14, 2026. Microsoft has since revised its bulletin to clarify that CVE-2026-58644 has been exploited in the wild, meaning the shortcoming was weaponized as a zero-day prior to the fixes becoming available.

    The development comes as CISA warned of active exploitation of multiple SharePoint Server vulnerabilities, including CVE-2026-32201, CVE-2026-45659, CVE-2026-56164, and CVE-2026-58644, that could enable threat actors to gain unauthorized access to on-premises instances.

    “These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware,” the federal cybersecurity watchdog noted.

    CISA has outlined the following hardening measures to contain the threat –

    • Apply the latest patches and security updates from Microsoft, verify they have been installed successfully, and shorten patching cycles when possible.
    • Verify that Antimalware Scan Interface (AMSI) integration is enabled for each SharePoint web application.
    • Scan for and remove intrusion artifacts, including machine key harvesting tools, before rotating IIS machine keys to avoid the theft of the keys.
    • Establish tailored logging mechanisms to detect and monitor exploitation activities.
    • Avoid exposing SharePoint Servers directly to the internet unless necessary.
    • Block external access to SharePoint Central Administration, restrict farm and database communications to required systems, and review Microsoft’s SharePoint Server security-hardening guidance for role-specific ports, services, and Web.config settings.

    On Thursday, the agency also added two critical security flaws impacting Fortinet FortiSandbox (CVE-2026-25089 and CVE-2026-39808) to the KEV catalog, following reports of active exploitation. Federal agencies have until July 19, 2026, to update their instances to the latest supported versions.

    adds CISA CVE202658644 Exploited KEV RCE SharePoint zeroday
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleMid-career and feeling stuck? Here’s how to reclaim your value
    Next Article Monopar Stock: A Rare Disease Asset With Heavy-Metal Upside (Initiating Buy) (NASDAQ:MNPR)
    admin
    • Website

    Related Posts

    Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

    July 17, 2026

    Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

    July 17, 2026

    New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

    July 17, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Connor Wickham exclusive: Former Sunderland, Crystal Palace striker discusses the reality of 18 months without a club | Football News

    Philippines Condemns AI Video Posted by Chinese State Media Depicting It as a Monkey

    How Andy Burnham, ‘King of the North,’ Conquered U.K. Politics

    India eyes market comeback with $1bn IPO for SBI Funds Management

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by