Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
4117 articles · 176594 vulns · 37/41 feeds (7d)
← Back to list
9.8
CVE-2026-58644KEVEXPLOITEDPATCHED
microsoft · sharepoint_server

Microsoft SharePoint Remote Code Execution Vulnerability

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

Affected Products

VendorProductVersions
microsoftsharepoint_server16.0.0, 16.0.0, 16.0.0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
microsoftmicrosoft sharepoint server subscription editionmitre_affected90%
microsoftmicrosoft sharepointmitre_affected90%

References

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58644(vendor-advisory, patch)

Related News (6 articles)

Tier B
CCCS Canada1d ago
AL26-017 - Critical vulnerabilities impacting Microsoft SharePoint Server – CVE-2026-56164, CVE-2026-55040 and CVE-2026-58644
→ No new info (linked only)
Tier D
BleepingComputer1d ago
CISA warns admins to patch actively exploited SharePoint flaws
→ No new info (linked only)
Tier B
CERT-FR2d ago
Multiples vulnérabilités dans les produits Microsoft (15 juillet 2026)
→ No new info (linked only)
Tier C
Qualys Blog2d ago
Microsoft and Adobe Patch Tuesday, July 2026 Security Update Review 
→ No new info (linked only)
Tier C
VulDB2d ago
CVE-2026-58644 | Microsoft SharePoint Server Object Serialization deserialization
→ No new info (linked only)
Tier A
Microsoft MSRC2d ago
CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability
→ No new info (linked only)
CVSS 3.19.8 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CISA KEV✅ Yes
Actively exploited✅ Yes
Patch available
16.0.5556.100516.0.10417.2015316.0.19725.20384
CWECWE-502
PublishedJul 14, 2026
Last enriched1d agov3
Tags
CVE-2026-55164CVE-2026-55040CVE-2026-58644CVE-2026-56164
Trending Score128🔥
Source articles6
Independent6
Info Completeness10/14
Missing: epss, kev, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-56164EXPKEV
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Trending: 149
CRITICALCVE-2026-45659EXPKEV
Microsoft SharePoint Remote Code Execution Vulnerability
Trending: 146
HIGHCVE-2026-56155EXPKEV
Active Directory Federation Services Elevation of Privilege Vulnerability
Trending: 144
CRITICALCVE-2026-55040EXP
Microsoft SharePoint Server Security Feature Bypass Vulnerability
Trending: 84
CRITICALCVE-2026-57092EXP
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
Trending: 81

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Added to CISA KEV
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: exploitAvailable, activelyExploited
Jul 14, 2026
Updated: affectedVersions, cweIds, tags
Jul 15, 2026
Actively Exploited
Jul 16, 2026
Exploit Available
Jul 16, 2026
Patch Available
Jul 16, 2026

Version History

v3
Last enriched 1d ago
v3Tier B1d ago

Updated affected versions and patch availability, added new CWE IDs and CVE tags.

affectedVersionscweIdstags
via CCCS Canada
v2Tier A2d ago

Updated exploit availability to true and noted that the patch was inadvertently left out of the June 2026 release.

exploitAvailableactivelyExploited
via Microsoft MSRC
v12d ago

Initial creation