CVE-2026-58644 – Microsoft SharePoint Remote Code Execution Vulnerability
“A vulnerable SharePoint server can quickly become the doorway to a much larger compromise across the organization.”
A deserialization of untrusted data vulnerability in Microsoft SharePoint allows an attacker to execute arbitrary code over the network. Microsoft states that the attack can be carried out remotely and requires no user interaction, making this a high-risk vulnerability for organizations that rely on SharePoint Server. Security updates are available for supported SharePoint versions.
CVSS Score: 9.8
SEVERITY: Critical
THREAT:
This vulnerability allows remote code execution on Microsoft SharePoint Server through insecure deserialization of untrusted data. An attacker who is authenticated as at least a Site Owner can write arbitrary code that is executed on the SharePoint server. Successful exploitation could result in complete server compromise, enabling attackers to deploy malware, steal sensitive information, alter content, or pivot deeper into the enterprise network.
EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as more likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the provided information does not confirm the existence of publicly available proof-of-concept exploit code.
TECHNICAL SUMMARY:
The vulnerability is caused by deserialization of untrusted data (CWE-502) within Microsoft SharePoint. Improper validation of serialized data allows an attacker to inject and execute arbitrary code on the SharePoint server. Microsoft states that the vulnerability is remotely exploitable over the network with low attack complexity and does not require user interaction. The revision history also notes that the security update for this vulnerability had already been released but the CVE was inadvertently omitted from the June 2026 Patch Tuesday release.
EXPLOITABILITY:
Affected products include Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition. Microsoft states that SharePoint Server 2016 uses the same update package as SharePoint Enterprise Server 2016. Exploitation is performed over the network, requires no user interaction, and Microsoft states that an attacker authenticated as at least a Site Owner can inject and execute arbitrary code on the server.
BUSINESS IMPACT:
SharePoint servers often store sensitive corporate documents and serve as collaboration hubs for the organization. Successful exploitation could allow attackers to compromise the SharePoint environment, access confidential business data, deploy malicious code, disrupt business operations, and use the compromised server as a platform for further attacks within the network.
WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing the appropriate security updates for affected SharePoint Server deployments.
URGENCY:
This vulnerability should be deployed urgently because it is rated Critical and has a CVSS v3.1 Base Score of 9.8. The vulnerability is remotely exploitable over the network with low attack complexity and requires no user interaction. Microsoft also assesses exploitation as more likely, making timely remediation particularly important for internet-facing and business-critical SharePoint servers.
Key Details
- Affected Product
- Microsoft Sharepoint Server
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-502