CVE-2026-20963
Published Jan 13, 2026
Last updated a month ago
AI description
CVE-2026-20963 is a deserialization of untrusted data vulnerability impacting Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Enterprise Server 2016. This flaw allows an unauthorized attacker to achieve remote code execution (RCE) through a low-complexity network-based attack. No user interaction is required for exploitation, enabling an unauthenticated attacker to inject and execute arbitrary code remotely on the SharePoint Server. The vulnerability stems from improper handling of untrusted data during deserialization operations. Although Microsoft initially assessed the vulnerability as "less likely" to be exploited when the fix was released in January 2026, the US Cybersecurity and Infrastructure Security Agency (CISA) later added CVE-2026-20963 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation.
- Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
- Source: secure@microsoft.com
- NVD status: Analyzed
- Products: sharepoint_server
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
- Exploit added on: Mar 18, 2026
- Exploit action due: Mar 21, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com: CWE-502
🔍 Security professionals, please take note! New critical CVEs require immediate action. CVE-2026-20963 (SharePoint) – RCE via deserialization CVE-2025-48827 (vBulletin) – CVSS 10.0, actively exploited CV
@jordano_mazzoni
16 Apr 2026
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔍 Attention, security professionals! New critical CVEs require immediate action: CVE-2026-20963 (SharePoint) – RCE via deserialization CVE-2025-48827 (vBulletin) – CVSS 10.0, actively exploited CVE-2025-70401/70400 (UniFi) – Path traversal and RCE with network access
@jordano_mazzoni
16 Apr 2026
74 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-27522 2 - CVE-2026-3055 3 - CVE-2025-58718 4 - CVE-2026-20963 5 - CVE-2026-21858 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
26 Mar 2026
238 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA adds #SharePoint (CVE-2026-20963) & #Zimbra (CVE-2025-66376) flaws to its Known Exploited Vulnerabilities catalogue. #CyberSecurity #InfoSec https://t.co/1UfijloBse https://t.co/cPiEijS3Mp
@twelvesec
23 Mar 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-24132 2 - CVE-2026-20963 3 - CVE-2023-50428 4 - CVE-2026-0023 5 - CVE-2024-21320 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
21 Mar 2026
175 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA adds actively exploited Microsoft SharePoint RCE (CVE-2026-20963) and Zimbra XSS (CVE-2025-66376) to its KEV catalog. Update your systems immediately. #CISA #KEVCatalog #SharePoint #Zimbra #CyberSecurity #InfoSec #CVE #RCE #Vulnerability #PatchAlert https://t.co/ovtcE5to4p
@the_yellow_fall
19 Mar 2026
634 Impressions
2 Retweets
5 Likes
2 Bookmarks
0 Replies
1 Quote
🚨CISA adds exploited SharePoint and Zimbra flaws to KEV catalog CISA added CVE-2026-20963 in Microsoft SharePoint and CVE-2025-66376 in Zimbra Collaboration Suite to its Known Exploited Vulnerabilities catalog, confirming in-the-wild exploitation and setting federal remediatio
@ThreatSynop
19 Mar 2026
224 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
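The US Cybersecurity and Infrastructure Security Agency (CISA) has separately added CVE-2026-20963 in SharePoint Server and CVE-2025-66376 in Zimbra to its Known Exploited Vulnerabilities catalog. The remediation deadline is an urgent 3/21 for SharePoint and the usual 4/1 for Zimbra. ラ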
@__kokumoto
19 Mar 2026
871 Impressions
0 Retweets
1 Like
2 Bookmarks
1 Reply
0 Quotes
‼️CISA has added 2 vulnerabilities to the KEV Catalog https://t.co/9idGUAHIKd CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability. CVSS: 7.1 CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability. CVSS:
@DarkWebInformer
18 Mar 2026
3667 Impressions
6 Retweets
17 Likes
5 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
            "matchCriteriaId": "FB9ECA81-C1E2-4B02-A45C-0E5664E3C9B9",
            "versionEndExcluding": "16.0.19127.20442",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
            "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]