CVE-2026-58277 is a Microsoft SharePoint Server elevation of privilege vulnerability caused by improper authorization. It has a CVSS v3.1 base score of 8.8 (High) and a temporal score of 7.7, with a network attack vector, low attack complexity, low privileges required, and no user interaction. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity listed as UNPROVEN. The issue affects SharePoint Server 2016 and SharePoint Enterprise Server 2016 according to the FAQ. In enterprise environments, this is relevant because it is network-reachable and requires only low privileges to exploit, making it higher risk than local-only issues, though it is not reported as actively exploited. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Elevation of Privilege; confidentiality HIGH, integrity HIGH, availability HIGH - Exploitation likelihood: Not stated as "Exploitation More Likely"; source notes latest software release indicates "Exploitation Less Likely" and the vector is NETWORK with LOW attack complexity, LOW privileges, and NONE user interaction - Severity for enterprise: High due to network exposure and low attacker requirements, especially for SharePoint deployments accessible to internal or external networks - Patch status: available; customer action required Affected systems: - SharePoint Server 2016 - SharePoint Enterprise Server 2016