Skip to main content

Microsoft SharePoint CVE-2026-58644

| EUVDEUVD-2026-43779 CRITICAL
Deserialization of Untrusted Data (CWE-502)
2026-07-14 microsoft GHSA-q6cq-5qpf-q237
9.8
CVSS 3.1 · NVD
Temporal: 8.5
Share

Severity by source

Vendor (microsoft) PRIMARY
CRITICAL
qualitative
NVD
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
8.5 HIGH
cvss
vuln.today AI
9.8 CRITICAL

Unauthenticated network-reachable deserialization yields RCE with no user interaction, giving AV:N/AC:L/PR:N/UI:N and full C:H/I:H/A:H impact within the server's scope.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 17:46 vuln.today
CVE Published
Jul 14, 2026 - 17:05 nvd
CRITICAL 9.8

DescriptionNVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

AnalysisAI

Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) allows an unauthenticated network attacker to run arbitrary code on the server by submitting maliciously crafted serialized data (CWE-502). The CVSS 3.1 base score is 9.8 with a fully remote, no-interaction, no-privilege vector (AV:N/AC:L/PR:N/UI:N), placing it among the most severe SharePoint flaws. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach SharePoint web endpoint over network
Delivery
Craft malicious serialized .NET payload
Exploit
Submit to vulnerable deserialization endpoint
Execution
Trigger gadget-chain code execution
Persist
Run code as SharePoint app pool
Impact
Deploy web shell and move laterally

Vulnerability AssessmentAI

Exploitation The specific technical prerequisite is that the attacker must be able to reach a vulnerable SharePoint web endpoint over the network and submit untrusted serialized data that the server deserializes (CWE-502) - the deserialization path is the exploitation surface. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals converge on genuine high priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach a SharePoint server over the network sends a crafted HTTP request containing a malicious serialized .NET object to a vulnerable endpoint; when SharePoint deserializes it, an embedded gadget chain executes attacker-chosen commands in the context of the SharePoint application pool. From there the attacker drops a web shell or harvests farm credentials to move laterally. …
Remediation Apply the vendor-released Microsoft security update for your SharePoint edition as the primary fix; the exact patched build should be taken from the Microsoft advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58644 (patch confirmed available per vendor, exact fix version not enumerated in the provided data). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all affected SharePoint instances (Enterprise Server 2016, Server 2019, Subscription Edition) and assess network exposure; implement network segmentation or access restrictions on non-critical instances if immediate patching is not feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-56164 CRITICAL POC
9.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-45659 HIGH POC
8.8 May 22

Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Editi

CVE-2026-50522 CRITICAL
9.8 Jul 14

Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated atta

CVE-2026-55040 CRITICAL
9.1 Jul 14

Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) l

CVE-2026-58277 HIGH
8.8 Jul 14

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016 and Server 2019) allows an authenticated netw

CVE-2026-55052 HIGH
8.8 Jul 14

Privilege escalation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets

CVE-2026-55034 HIGH
8.7 Jul 14

Cross-site scripting (CWE-79) in on-premises Microsoft SharePoint Server allows an authenticated, low-privileged attacke

CVE-2026-55021 HIGH
8.7 Jul 14

Spoofing via stored cross-site scripting in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription

CVE-2026-55033 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (and Office/SharePoint components that render Word content) stems from an integer

CVE-2026-55038 HIGH
7.8 Jul 14

Arbitrary code execution in Microsoft Office Word (and the broader Office/365/SharePoint family) arises from a stack-bas

CVE-2026-55132 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (part of Microsoft 365 Apps, Office 2019, Office LTSC 2021/2024, and Office for M

CVE-2026-55127 HIGH
7.8 Jul 14

Local code execution in Microsoft Word (and the wider Microsoft Office / Microsoft 365 Apps family) lets an unauthorized

Share

CVE-2026-58644 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy