CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability

A critical Microsoft SharePoint vulnerability (CVE-2026-20963) disclosed in January has been exploited in the wild and was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The flaw, a remote code execution issue caused by deserialization of untrusted data, affects SharePoint Server 2016, 2019, and Subscription Edition. It is rated CVSS 9.8, and federal agencies are required to remediate it.

Key points

  • CVE-2026-20963 is a critical remote code execution flaw in Microsoft SharePoint enabled by deserialization of untrusted data.
  • Microsoft disclosed the vulnerability on January 13 as part of its January 2026 Patch Tuesday updates.
  • CISA added the issue to its KEV catalog on March 18 and instructed federal agencies to remediate by March 21.
  • The flaw affects SharePoint Server 2016, 2019, and Subscription Edition and was reported by an anonymous researcher.
  • Microsoft’s advisory assigns an “exploitation less likely” assessment, and there are no public details about active attacks so far.

Read More: https://www.securityweek.com/cisa-warns-of-attacks-exploiting-recent-sharepoint-vulnerability/