CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities

https://www.securityweek.com/wp-content/uploads/2023/06/SharePoint-Ransomware-attack.jpg

The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday urged immediate hardening of Microsoft SharePoint servers in light of recently disclosed zero-day vulnerabilities.

The freshest of the exploited flaws is CVE-2026-56164, a privilege escalation issue that can be exploited remotely without authentication, and which was resolved with Microsoft’s July 2026 Patch Tuesday updates.

On Tuesday, CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it within three days, in line with BOD 26-04 recommendations.

Microsoft’s latest round of security updates also resolved CVE-2026-55040 and CVE-2026-58644, critical-severity SharePoint bugs that could be exploited remotely to bypass a security feature and to execute arbitrary code.

Although not flagged as exploited, these vulnerabilities pose a risk to organizations if they are not patched in due time, CISA warns.

The cybersecurity agency also draws attention to CVE-2026-32201, a spoofing issue in SharePoint patched in...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more