NEW: Group Profiler — instant APT intel lookup. Try it →

← all advisories

CVE-2026-58644

Confirmed by 4 independent sources tracked by ThreatFilter. First reported 2026-07-14 14:00 UTC , most recent 2026-07-17 18:18 UTC.

INFO 9.8 CISA KEV EXPLOITED microsoft

Corroboration timeline

Each row is the first time that source reported this CVE, so the lag column shows how long each took relative to the earliest report. Independent corroboration is a confidence signal that a single advisory cannot give you.

  1. microsoft-msrc 2026-07-14 14:00 UTC

    CVE-2026-58644 Microsoft SharePoint Remote Code Execution Vulnerability

  2. cisa-kev 2026-07-16 00:00 UTC +34h

    CVE-2026-58644 — Microsoft SharePoint: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

  3. thehackernews 2026-07-17 06:42 UTC +3d

    CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

  4. rapid7-blog 2026-07-17 18:18 UTC +3d

    CVE-2026-58644: Microsoft SharePoint Server Unauthenticated Remote Code Execution Vulnerability Exploited in the Wild

How this page is built

ThreatFilter ingests 50+ public threat-intelligence feeds. A page is published here only when at least 3 distinct sources report the same CVE — roughly 0.2% of the CVEs seen. Everything above is derived from those feeds; nothing is hand-written, and the timeline is the raw record of what each source published and when.

See the live advisory feed, the full source list, or the analyst tools.