← ExploitWatch
HomeExploited Vulnerabilities

CVE-2026-20963 — Actively Exploited: SharePoint (Microsoft)

Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.

CVE IDCVE-2026-20963
VendorMicrosoft
ProductSharePoint
Vulnerability nameMicrosoft SharePoint Deserialization of Untrusted Data Vulnerability
Date added2026-03-18
Remediation due2026-03-21
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionMicrosoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →