
"In a network-based attack, an unauthenticated attacker could write arbitrary code to inject and execute code remotely on the SharePoint Server. The vulnerability, tracked as CVE-2026-20963, was disclosed on January 13, when Microsoft released its January 2026 Patch Tuesday updates and affects SharePoint Server 2016, 2019, and Subscription Edition."
"CISA added CVE-2026-20963 to its Known Exploited Vulnerabilities (KEV) catalog on March 18, instructing federal agencies to address it by March 21. Microsoft has described the vulnerability as a critical remote code execution flaw (CVSS 9.8) enabled by deserialization of untrusted data, reported by an anonymous researcher."
"Microsoft updated its advisory for CVE-2026-20963 on March 17, but it still does not mention active exploitation. In addition, the flaw has an exploitability assessment of 'exploitation less likely'. There does not appear to be any public information about the attacks exploiting the vulnerability."
CVE-2026-20963, a critical remote code execution vulnerability in Microsoft SharePoint, was disclosed on January 13, 2026, and added to CISA's Known Exploited Vulnerabilities catalog on March 18. The flaw, with a CVSS score of 9.8, stems from deserialization of untrusted data and affects SharePoint Server 2016, 2019, and Subscription Edition. An unauthenticated attacker can exploit this vulnerability in network-based attacks to inject and execute arbitrary code remotely on SharePoint servers. CISA instructed federal agencies to address the vulnerability by March 21. Despite active exploitation reports, Microsoft's advisory maintains an 'exploitation less likely' assessment, and no public details about specific attacks have emerged.
#sharepoint-vulnerability #remote-code-execution #cve-2026-20963 #active-exploitation #cisa-kev-catalog
Read at SecurityWeek