- Description
- Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- sharepoint_server
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Mar 18, 2026
- Exploit action due
- Mar 21, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-502
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2026-27522 2 - CVE-2026-3055 3 - CVE-2025-58718 4 - CVE-2026-20963 5 - CVE-2026-21858 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
26 Mar 2026
238 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA adds #SharePoint (CVE-2026-20963) & #Zimbra (CVE-2025-66376) flaws to its Known Exploited Vulnerabilities catalogue. #CyberSecurity #InfoSec https://t.co/1UfijloBse https://t.co/cPiEijS3Mp
@twelvesec
23 Mar 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-24132 2 - CVE-2026-20963 3 - CVE-2023-50428 4 - CVE-2026-0023 5 - CVE-2024-21320 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
21 Mar 2026
175 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA adds actively exploited Microsoft SharePoint RCE (CVE-2026-20963) and Zimbra XSS (CVE-2025-66376) to its KEV catalog. Update your systems immediately. #CISA #KEVCatalog #SharePoint #Zimbra #CyberSecurity #InfoSec #CVE #RCE #Vulnerability #PatchAlert https://t.co/ovtcE5to4p
@the_yellow_fall
19 Mar 2026
634 Impressions
2 Retweets
5 Likes
2 Bookmarks
0 Replies
1 Quote
🚨CISA adds exploited SharePoint and Zimbra flaws to KEV catalog CISA added CVE-2026-20963 in Microsoft SharePoint and CVE-2025-66376 in Zimbra Collaboration Suite to its Known Exploited Vulnerabilities catalog, confirming in-the-wild exploitation and setting federal remediatio
@ThreatSynop
19 Mar 2026
224 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに、SharePoint ServerのCVE-2026-20963とZimbraのCVE-2025-66376を別々に追加。対処期限はSharePointが緊急の3/21、Zimbraが通常の4/1。ラ
@__kokumoto
19 Mar 2026
871 Impressions
0 Retweets
1 Like
2 Bookmarks
1 Reply
0 Quotes
‼️CISA has added 2 vulnerabilities to the KEV Catalog https://t.co/9idGUAHIKd CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability. CVSS: 7.1 CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability. CVSS:
@DarkWebInformer
18 Mar 2026
3667 Impressions
6 Retweets
17 Likes
5 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"matchCriteriaId": "FB9ECA81-C1E2-4B02-A45C-0E5664E3C9B9",
"versionEndExcluding": "16.0.19127.20442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]