CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963) – Help Net Security

By Zeljka Zorz
Publication Date: 2026-03-19 11:18:00

CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers.

The confirmation comes from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday.

About CVE-2026-20963

CVE-2026-20963 affects Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Enterprise Server 2016.

It is caused by deserialization of untrusted data and may allow an unauthorized attacker to achieve RCE through a low-complexity attack.

“In a network-based attack, an unauthenticated attacker could write arbitrary code to inject and execute code remotely on the SharePoint Server,” Microsoft explained in the related security advisory published on January 13, 2026.

No user interaction is required for CVE-2026-20963 exploitation.

At the time of the release of the fix, Microsoft…