Federal Alert: SharePoint and Fortinet Flaws Under Attack

The government is warning that hackers are actively exploiting fresh bugs in Microsoft SharePoint and Fortinet security software right now.

Federal Alert: SharePoint and Fortinet Flaws Under Attack

What happened

The federal government's cybersecurity watchdog issued urgent warnings this week about serious flaws in two widely used business tools: Microsoft SharePoint and Fortinet's FortiSandbox platform. Both sets of vulnerabilities are already being used by hackers in real attacks, not just theoretical risks sitting in a lab somewhere.

The Cybersecurity and Infrastructure Security Agency, known as CISA, added all of these flaws to its official list of vulnerabilities that are confirmed to be exploited in the wild. When something lands on that list, federal agencies are given a hard deadline to fix it. For the SharePoint bug, that deadline is July 19, 2026.

The SharePoint problem

SharePoint is a Microsoft product that businesses, schools, and government offices use to store files, share documents, and manage internal websites. It sits behind the scenes of a huge number of organizations, which makes any serious flaw in it a big deal.

The newly found bug, tracked as CVE-2026-58644, scored a 9.8 out of 10 for severity, which puts it near the top of the danger scale. It is what security experts call a deserialization flaw. In plain terms, it lets an attacker who already has some level of access to the server trick it into running malicious commands. Once that happens, the attacker can take control of the server itself.

What makes this case notable is how fast attackers moved. Researchers found this bug and it was already being used against real targets shortly after it became public knowledge. That short window between disclosure and exploitation is becoming more common, and it leaves very little time for organizations to react before hackers start knocking.

The Fortinet problem

Fortinet's FortiSandbox is a security tool that companies use to catch malware before it can spread across their networks. It works by testing suspicious files in an isolated environment to see if they behave in harmful ways.

Two separate vulnerabilities in this product are now confirmed to be under active attack. CISA has told federal agencies to treat these as an immediate priority, meaning the fixes need to go in right away rather than waiting for a routine update cycle. The irony is not lost on security professionals: a tool built to detect malware has itself become an entry point for attackers.

Why this matters beyond the government

These warnings are aimed at federal agencies, but the underlying risk touches far more people. SharePoint and Fortinet products are used by thousands of private companies, hospitals, schools, and local governments. If your workplace uses either of these tools, and there is a decent chance it does even if you never interact with it directly, then this news is relevant to you.

Attacks like these rarely stay contained to the original target. Once hackers gain a foothold on a server, they often use that access to steal customer data, plant ransomware, or move further into a network to find more valuable information. That can mean stolen personal records, leaked emails, or systems getting locked down and held for ransom, all of which eventually affects regular employees and customers, not just IT departments.

What you should do

  • Check with your IT team or provider. If your workplace runs SharePoint Server or Fortinet security products, ask whether the latest patches have been applied. This is not a "wait and see" situation given how quickly these flaws are being exploited.
  • Update software immediately when prompted. Whether at work or at home, do not delay security updates on any system, especially ones flagged as actively exploited.
  • Watch for unusual account activity. If your company uses SharePoint, keep an eye out for strange login attempts, unexpected file changes, or alerts from your security team, and report anything odd right away.
  • Use strong, unique passwords and enable two factor authentication wherever it is offered, since stolen credentials are often the first step attackers use to get into systems like these.
  • If you run a small business, consider asking your managed IT provider directly whether any of your systems are affected, rather than assuming someone else is handling it.