[Verse 1] Microsoft SharePoint's got a fractured seam CVE-2026-58644, a deserialization scheme Your server trusts the data packets rolling in But the payload's been corrupted from within Untrusted objects slip through every gate The runtime unwraps them — already too late No credentials needed, just a network line An outsider's executing code that should be mine [Chorus] Patch the door before the data bleeds These CVEs are live and planting seeds SharePoint's cracking, FortiSandbox too Unauthenticated strangers running through Three critical flaws, July eighteen the date Log the numbers, escalate — don't wait Deserialization, injection in the shell Unpatched systems ringing like a broken bell [Verse 2] Now Fortinet's got a wound that cuts real deep CVE-2026-25089, the kind that doesn't sleep FortiSandbox, the Cloud build, and the PaaS deploy All carrying an injection flaw an attacker can employ They craft a packet — malefic, purpose-built The OS command runs clean without a jilt No login, no handshake, no stolen keys Just sculpted HTTP and they do what they please [Chorus] Patch the door before the data bleeds These CVEs are live and planting seeds SharePoint's cracking, FortiSandbox too Unauthenticated strangers running through Three critical flaws, July eighteen the date Log the numbers, escalate — don't wait Deserialization, injection in the shell Unpatched systems ringing like a broken bell [Bridge] The word is perfidious — treacherous in quiet disguise These vulnerabilities don't announce themselves, they temporize Waiting in the architecture, patient as rust Until an attacker's crafted request turns your sandbox to dust CVE-2026-39808, the third name on the wall FortiSandbox again, different path — same sprawl HTTP requests, unauthorized code detonates Unauthenticated entry — zero friction at the gates [Verse 3] Three CVEs, one vendor hit back-to-back Fortinet's appliance bleeding through the cracks FortiSandbox built to catch the malware loads But injection flaws rewrite its own source roads SharePoint on the enterprise, the intranet spine Deserialized corruption running down the line Beginner, intermediate — hear the signal clear When the product name is famous, the blast radius is severe [Chorus] Patch the door before the data bleeds These CVEs are live and planting seeds SharePoint's cracking, FortiSandbox too Unauthenticated strangers running through Three critical flaws, July eighteen the date Log the numbers, escalate — don't wait Deserialization, injection in the shell Unpatched systems ringing like a broken bell [Outro] 58644 — deserialize with care 25089 — injected from thin air 39808 — HTTP strikes again Memorize the numbers, know your enemy, then Vendor alerts, your CISO needs to know Fortinet, Microsoft — patch before you go
← Canada Gazette — July 18, 2026 | Critical CVEs (2 of 3) — July 18, 2026 →