CVE-2026-58644 affecting SharePoint Server

This section contains time sensitive announcements about specific cyber threats, vulnerabilities and scams. Each alert has information you need to be aware of, and what actions to take to mitigate any risk to you or your organisation.

Subscribe to our updates to be notified as soon as we publish an alert.

4:00PM, 17 July 2026

TLP Rating: Clear

CVE-2026-58644 affecting SharePoint Server

A critical vulnerability in Microsoft SharePoint is under active exploitation.

CVE-2026-58644 is a deserialization of untrusted data vulnerability which can enable an unauthorised attacker to execute code over a network.

The NCSC encourages organisations in New Zealand that use affected versions of the product to review the vendor advisory and apply the remediation as soon as possible.

What's happening

Systems affected

This vulnerability affects the following products:

  • Microsoft SharePoint Enterprise Server 2016
    16.0.0 before 16.0.5556.1005
  • Microsoft SharePoint Server 2019
    16.0.0 before 16.0.10417.20153 
  • Microsoft SharePoint Server Subscription Edition
    16.0.0 before 16.0.19725.20384 

What to do

Prevention

To prevent exploitation, update affected products to a patched version. If remediation or mitigation action cannot be undertaken immediately, then we recommend isolating SharePoint from the internet.

More information

Read more about this alert on the vendor website:

CVE-2026-58644 - Security Update Guide - Microsoft - Microsoft SharePoint Remote Code Execution Vulnerability External Link External Link

If you require more information or further support, submit a report on our website:

Report an incident