CVE-2026-58644

Published Jul 14, 2026

Last updated 2 hours ago

Overview

Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
sharepoint_server

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Exploit added on
Jul 16, 2026
Exploit action due
Jul 19, 2026
Required action
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Weaknesses

secure@microsoft.com
CWE-502

Social media

Hype score
Not currently trending

Configurations