
"CVE-2026-20963 is a critical deserialization flaw in SharePoint that allows unauthenticated attackers to remotely execute code on the server without any user interaction, and Redmond fixed the issue as part of its January Patch Tuesday. At the time, the vulnerability was neither publicly known nor exploited, according to Microsoft, which deemed exploitation "less likely.""
"Fast forward to Wednesday when the US Cybersecurity and Infrastructure Agency added CVE-2026-20963 to its Known Exploited Vulnerabilities (KEV) catalog, gave federal agencies just three days to issue a patch, and said it's unknown if ransomware criminals are among those exploiting the SharePoint bug."
"Back in July, Microsoft patched the so-called ToolShell vulnerability (CVE-2025-53770), a critical remote code execution bug in on-premises SharePoint servers. Before it was fixed, however, Chinese attackers found and exploited the bug as a zero-day, compromising more than 400 organizations, including the US Energy Department."
CVE-2026-20963 is a critical deserialization flaw in Microsoft SharePoint that allows unauthenticated attackers to execute code remotely without user interaction. Microsoft patched the vulnerability in its January Patch Tuesday release, when it was neither publicly known nor exploited. CISA added it to its Known Exploited Vulnerabilities catalog on Wednesday, indicating active exploitation by unknown threat actors, and gave federal agencies three days to patch. Microsoft initially deemed exploitation "less likely" but has not updated its advisories to confirm active exploitation. The vulnerability follows previous SharePoint mass-exploitation campaigns, including the ToolShell vulnerability exploited by Chinese state-backed groups and ransomware operators.
#microsoft-sharepoint-vulnerability #cve-2026-20963 #remote-code-execution #active-exploitation #cybersecurity-threat
Read at Theregister