Date of Posting: 2026/07/17
【Vulnerability Alert】Two Critical Security Vulnerabilities Exist in Microsoft SharePoint Server
- Subject: 【Vulnerability Alert】Two Critical Security Vulnerabilities Exist in Microsoft SharePoint Server
- Description:
- Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Advisory TWCERTCC-200-202607-00000009
- Microsoft SharePoint Server is an enterprise-grade collaboration platform that provides document management and team collaboration features, serving as the core platform for enterprise information integration. Recently, Microsoft released critical security advisories (CVE-2026-58644, CVSS: 9.8 and CVE-2026-55040, CVSS: 9.1). CVE-2026-58644 is a Deserialization of Untrusted Data vulnerability, which allows an unauthorized attacker to execute arbitrary code over the network. CVE-2026-55040 is a weak authentication vulnerability, which allows an unauthorized attacker to bypass security features over the network.
- Affected Platforms:
- Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, Microsoft SharePoint Enterprise Server 2016
- Recommended Actions:
- Please apply the patches according to the solutions released on the official website:
- 【CVE-2026-58644】 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58644
- 【CVE-2026-55040】 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55040
Computer and Communication Center
Network System Division