CVE-2026-58644 is a Microsoft SharePoint Server remote code execution vulnerability caused by deserialization of untrusted data. It has a CVSS v3.1 base score of 9.8 (Critical) and temporal score of 8.5, with a NETWORK attack vector, LOW attack complexity, NO privileges required, and NO user interaction. Microsoft states an authenticated attacker with at least Site Owner permissions could write arbitrary code to inject and execute code remotely on the SharePoint Server. Exploit status is not publicly disclosed and not known to be exploited, but Microsoft rates exploitation as more likely. This is a high-risk issue for enterprise SharePoint deployments, especially network-reachable servers. Highlights: - CVSS scores: Base 9.8 - Temporal 8.5 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation More Likely - network-based, LOW attack complexity, NO privileges required, and NO user interaction increase risk for exposed SharePoint instances. - Severity for enterprise: Critical severity and high enterprise risk, especially for internet-facing or broadly accessible SharePoint servers; the attack requires authentication at least as Site Owner, which raises the barrier but does not materially reduce the impact if compromise occurs. - Patch status: available Affected systems: - No products listed in product_tree.