CVE-2026-20963: Microsoft SharePoint Remote Code Execution Vulnerability
Overview
- Severity: Critical (CVSS 9.8)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category: Remote Code Execution
- Exploit Status: Not Exploited
- Exploitation Likelihood: Less Likely
- Patch Tuesday: 2026-Jan
- Released: 2026-01-13
- Last Updated: 2026-03-17
- EPSS Score: 6.00% (percentile: 90.7%)
- CISA KEV: Listed — due 2026-03-21
Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
FAQ
How could an attacker exploit this vulnerability?
In a network-based attack, an unauthenticated attacker could inject arbitrary code and execute it remotely on the SharePoint Server.
Detection & Weaponization (1 source)
Maturity: Exploit
- GitHub PoC: 1 repository
Affected Products (3)
Microsoft Office
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
Security Updates (3)
Acknowledgments
Anonymous, f7d8c52bec79e42795cf15888b85cbad, Anonymous, Anonymous
Revision History
- 2026-01-13: Information published.
- 2026-03-17: Updated the CVSS score and corrected FAQs. This is an informational change only.