Skip to main content
✓ Resolved↓ De-escalatingCyber

Active Exploitation of On-Premises SharePoint Server Vulnerabilities

CISA has confirmed active exploitation of multiple vulnerabilities in on-premises SharePoint Server instances, adding three specific flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Impact
7.8
Confidence
High
Evidence
3 sig · 2 src
Trajectory
↓ De-escalating
Geo
US
First seen Jul 14·Updated Jul 17·Synthesized Jul 17
Export brief

Assessment

High confidence3/3 signals corroborated across 2 independent sources

CISA has confirmed active exploitation of multiple vulnerabilities in on-premises SharePoint Server instances, adding three specific flaws to its Known Exploited Vulnerabilities (KEV) catalog. This mandates urgent patching by US federal agencies, indicating a persistent and escalating threat to legacy infrastructure. The specific threat actors leveraging these vulnerabilities remain undisclosed.

Why it matters — Continued exploitation of these vulnerabilities poses a significant risk of unauthorized access and system compromise for organizations utilizing on-premises SharePoint deployments.

Established

  • ·Confirmed: CISA has added three SharePoint Server vulnerabilities to its KEV catalog due to active exploitation.
  • ·Confirmed: US federal agencies are mandated to patch affected SharePoint Server instances by August 5.
  • ·Confirmed: Microsoft has released a patch for CVE-2026-58644, a critical RCE vulnerability in on-premises SharePoint, following confirmed exploitation.
  • ·Unclear: The specific threat actors involved in the exploitation of these SharePoint vulnerabilities remain undisclosed.

Indicators to watch

  • Identification of specific threat actors exploiting SharePoint vulnerabilities
  • Reports of successful compromises linked to these SharePoint vulnerabilities outside of federal agencies
  • Further CISA advisories or emergency directives related to SharePoint or other legacy infrastructure vulnerabilities

Evidence

Confirmed · 2 independent sources · 3 signals · 2 independent sources

Central claimCISA issues urgent advisory on active exploitation of on-premises SharePoint vulnerabilities67% on claim

Corroborated2 · 2 src · best low 55%
Context1 · 1 src · best low 55%
Prior · historical1 · 1 src · best high 94%

Topics cisa · sharepoint · vulnerability · cybersecurity · patching · fortinet · cve-2026-58644 · rce

Discussion

Sign in to add a note, contribute a source, or challenge the assessment.