CVE-2026-20963 is a high-severity (CVSS 8.8) remote code execution vulnerability in Microsoft SharePoint caused by the deserialization of untrusted data. It affects Microsoft SharePoint Server versions prior to 16.0.19127.20442, as well as SharePoint Server 2016 and 2019 editions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation, and organizations must apply the patch to upgrade to version 16.0.19127.20442.
CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers. The confirmation comes from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday. About CVE-2026-20963 CVE-2026-20963 affects Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Enterprise Server 2016. It is caused by deserialization of untrusted data and may allow an unauthorized … More → The post CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963) appeared first on Help Net Security .