{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-00000d3d6941","releaseDate":"2026-07-14T07:00:00-07:00","cveNumber":"CVE-2026-58644","cveTitle":"Microsoft SharePoint Remote Code Execution Vulnerability","releaseNumber":"2026-Jul","vulnType":"Security Vulnerability","latestRevisionDate":"2026-07-15T07:00:00-07:00","description":"<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.</p>\n","cweList":["CWE-502: Deserialization of Untrusted Data"],"cweDetailsListForSearch":["cwe: CWE-502: Deserialization of Untrusted Data","cweUrl: https://cwe.mitre.org/data/definitions/502.html"],"unformattedDescription":"Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.","mitreText":"CVE-2026-58644","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-58644","publiclyDisclosed":"No","exploited":"Yes","latestSoftwareReleaseId":0,"latestSoftwareRelease":"Exploitation Detected","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Office SharePoint","issuingCna":"Microsoft","issuingCnaId":100000001,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"9.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-502: Deserialization of Untrusted Data","https://cwe.mitre.org/data/definitions/502.html"]}],"articles":[{"title":"Microsoft Office SharePoint Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit the vulnerability?</strong></p>\n<p>In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?</strong></p>\n<p>Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?</strong></p>\n<p>The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-58644","version":1,"revisionDate":"2026-07-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"0a4240bf-867c-f111-93a1-000d3ac5fb71"},{"cveNumber":"CVE-2026-58644","version":1.1,"revisionDate":"2026-07-14T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>The Patch for this issue was released but the CVE was inadvertently left out of the Patch Tuesday June 2026 release</p>\n","unformattedDescription":"The Patch for this issue was released but the CVE was inadvertently left out of the Patch Tuesday June 2026 release","notificationNeeded":false,"notificationSent":false,"sourceId":"5822331f-987c-f111-93a1-000d3ac5fb71"},{"cveNumber":"CVE-2026-58644","version":1.2,"revisionDate":"2026-07-15T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Corrected the Exploitability Index, Exploited flag and CVSS vector which was incorrect at the time of publication on 7/14/2026. This is an informational change only.</p>\n","unformattedDescription":"Corrected the Exploitability Index, Exploited flag and CVSS vector which was incorrect at the time of publication on 7/14/2026. This is an informational change only.","notificationNeeded":true,"notificationSent":true,"sourceId":"0db5e59e-7480-f111-93a1-000d3ac5fb71"}]}