CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2026-20963

CVSS 9.8v3.1pub. 2026-01-13upd. 2026-04-01

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

🤖 AI Analysis
How it works

The vulnerability results from unsafe deserialization of untrusted data (CWE-502) in Microsoft Office SharePoint. An attacker can send a specially crafted payload over the network that will be deserialized by the server without verifying its origin or content. This leads to execution of arbitrary code in the context of the SharePoint server process. The attack requires no authentication or user interaction.

Impact

An attacker can gain full control over the vulnerable SharePoint server, including the ability to read and modify data as well as execute arbitrary system commands. A successful attack can lead to violations of system confidentiality, integrity, and availability.

Mitigation & patch

Patches available from the vendor should be applied immediately in accordance with Microsoft Security Response Center references. The vulnerability is actively exploited, so the update should be performed as a priority. Until the patch is deployed, consider restricting network access to SharePoint servers.

Who is affected

Microsoft SharePoint Server — versions indicated in vendor references (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft SharePoint Server

    APP
    Microsoft
    20162019< 16.0.19127.20442

CISA KEV — detailsi

Vendori
Microsoft
Producti
SharePoint
Added to KEVi
March 18, 2026
Remediation deadline (US Federal)i
March 21, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 21 marca 2026
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2025-53770CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserialization w Microsoft SharePoint Server (on-premises)

CVE-2023-29357CRITICAL9.8⚠ KEVten sam produkt

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVE-2019-0604CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the sour...

CVE-2024-33879CRITICAL9.8PL ✓ten sam produkt

Path traversal w Virto Bulk File Download dla SharePoint — pobieranie i usuwanie plików

CVE-2023-21716CRITICAL9.8ten sam produkt

Microsoft Word Remote Code Execution Vulnerability