Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
The vulnerability results from unsafe deserialization of untrusted data (CWE-502) in Microsoft Office SharePoint. An attacker can send a specially crafted payload over the network that will be deserialized by the server without verifying its origin or content. This leads to execution of arbitrary code in the context of the SharePoint server process. The attack requires no authentication or user interaction.
An attacker can gain full control over the vulnerable SharePoint server, including the ability to read and modify data as well as execute arbitrary system commands. A successful attack can lead to violations of system confidentiality, integrity, and availability.
Patches available from the vendor should be applied immediately in accordance with Microsoft Security Response Center references. The vulnerability is actively exploited, so the update should be performed as a priority. Until the patch is deployed, consider restricting network access to SharePoint servers.
Microsoft SharePoint Server — versions indicated in vendor references (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft SharePoint Server
APPMicrosoft20162019< 16.0.19127.20442
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- SharePoint
- Added to KEVi
- March 18, 2026
- Remediation deadline (US Federal)i
- March 21, 2026(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
Related vulnerabilities
RCE przez deserialization w Microsoft SharePoint Server (on-premises)
Microsoft SharePoint Server Elevation of Privilege Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the sour...
Path traversal w Virto Bulk File Download dla SharePoint — pobieranie i usuwanie plików
Microsoft Word Remote Code Execution Vulnerability