
CISA adds SharePoint zero-day to KEV, agencies told to patch by July 19
CISA added CVE-2026-58644, a critical deserialization RCE in Microsoft SharePoint Server, to the Known Exploited Vulnerabilities catalog, with FCEB agencies required to patch by July 19, 2026. Microsoft said the flaw was exploited in the wild before fixes were released (patches issued July 14, 2026). The warning comes as CISA notes ongoing exploitation of multiple on-premises SharePoint vulnerabilities and urges hardening steps: apply patches, enable AMSI, scan for intrusion artifacts, tailor logging, and avoid exposing SharePoint servers to the internet.