CVE-2026-58644

Microsoft · SharePoint

A deserialization of untrusted data vulnerability in Microsoft SharePoint allows an unauthenticated, remote attacker to execute arbitrary code.

Executive summary

A critical remote code execution vulnerability exists in Microsoft SharePoint that allows unauthenticated attackers to compromise affected servers.

Vulnerability

The software fails to properly sanitize serialized data, allowing an unauthenticated attacker to trigger remote code execution via a crafted network request.

Business impact

This vulnerability carries a CVSS score of 9.8, indicating a critical risk to business continuity and data integrity. Successful exploitation grants an attacker full control over the SharePoint environment, leading to potential data theft, lateral movement within the network, and complete system compromise.

Remediation

Immediate Action: Apply the security updates provided by Microsoft in the official security advisory immediately to patch the affected SharePoint versions.

Proactive Monitoring: Monitor network traffic for unexpected serialized objects or unusual process execution originating from the SharePoint service account.

Compensating Controls: Deploy a Web Application Firewall with rules configured to inspect and block suspicious serialized payloads targeting SharePoint entry points.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Given the critical severity and remote exploitability, organizations must prioritize patching these SharePoint instances. Failure to apply these updates leaves the organization susceptible to full system compromise by unauthenticated remote actors.