compliance · TheHackerNews
CISA added CVE-2026-58644, a critical deserialization vulnerability in Microsoft SharePoint Server, to its Known Exploited Vulnerabilities catalog on July 17, 2026. The flaw (CVSS 9.8) allows an authenticated attacker with Site Owner privileges to execute arbitrary code remotely on affected SharePoint instances. Microsoft confirmed active exploitation in the wild prior to patches released July 14, 2026. The vulnerability affects SharePoint Server Subscription Edition, 2019, and 2016. CISA also reported concurrent exploitation of three additional SharePoint vulnerabilities (CVE-2026-32201, CVE-2026-45659, CVE-2026-56164) used for RCE, machine key theft, and malware deployment. Federal agencies must patch by July 19, 2026.
Defense contractors and government subcontractors housing Controlled Unclassified Information (CUI) on SharePoint Server instances must prioritize patching to meet CMMC Level 2 requirements for vulnerability management and system hardening. SaaS and healthcare organizations relying on on-premises SharePoint deployments should review their patch cadence and network segmentation controls—HIPAA-covered entities and SOC 2–audited platforms cannot defer updates for zero-day RCE vulnerabilities with confirmed exploitation. All regulated organizations should verify AMSI integration, rotate IIS machine keys, and restrict external SharePoint access per CISA guidance. An Omniware engagement can scope whether your current patch and monitoring posture aligns with your compliance obligations.
Source: The Hacker News - https://thehackernews.com/2026/07/cisa-adds-exploited-sharepoint-rce-zero.html
Source: TheHackerNews
All briefings