CISA warns that a critical Microsoft SharePoint vulnerability patched in January, tracked as CVE-2026-20963, is being exploited in attacks against unpatched servers including SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. Federal agencies were ordered to remediate by March 21, and CISA urged all defenders to apply mitigations or patches while also flagging a separate Zimbra stored XSS flaw as actively exploited. #CVE-2026-20963 #SharePoint #CISA #Zimbra
Key points
- CVE-2026-20963 is a critical SharePoint vulnerability patched by Microsoft in January.
- Successful exploitation enables unauthenticated remote code execution via deserialization of untrusted data.
- SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition are affected; older, end-of-support versions also remain vulnerable.
- CISA added the flaw to its catalog of actively exploited vulnerabilities and ordered federal agencies to remediate by March 21.
- CISA urged applying vendor mitigations or discontinuing affected products and also flagged an actively exploited Zimbra stored XSS weakness.