Active Exploitation of On-Premises SharePoint Server Vulnerabilities
CISA has confirmed active exploitation of multiple vulnerabilities in on-premises SharePoint Server instances, adding three specific flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Assessment
CISA has confirmed active exploitation of multiple vulnerabilities in on-premises SharePoint Server instances, adding three specific flaws to its Known Exploited Vulnerabilities (KEV) catalog. This mandates urgent patching by US federal agencies, indicating a persistent and escalating threat to legacy infrastructure. The specific threat actors leveraging these vulnerabilities remain undisclosed.
Why it matters — Continued exploitation of these vulnerabilities poses a significant risk of unauthorized access and system compromise for organizations utilizing on-premises SharePoint deployments.
Established
- ·Confirmed: CISA has added three SharePoint Server vulnerabilities to its KEV catalog due to active exploitation.
- ·Confirmed: US federal agencies are mandated to patch affected SharePoint Server instances by August 5.
- ·Confirmed: Microsoft has released a patch for CVE-2026-58644, a critical RCE vulnerability in on-premises SharePoint, following confirmed exploitation.
- ·Unclear: The specific threat actors involved in the exploitation of these SharePoint vulnerabilities remain undisclosed.
Indicators to watch
- →Identification of specific threat actors exploiting SharePoint vulnerabilities
- →Reports of successful compromises linked to these SharePoint vulnerabilities outside of federal agencies
- →Further CISA advisories or emergency directives related to SharePoint or other legacy infrastructure vulnerabilities
Evidence
Central claim — CISA issues urgent advisory on active exploitation of on-premises SharePoint vulnerabilities67% on claim
Topics cisa · sharepoint · vulnerability · cybersecurity · patching · fortinet · cve-2026-58644 · rce
Discussion
…Sign in to add a note, contribute a source, or challenge the assessment.