CVE-2026-20963

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS 9.8 CRITICALEPSS 31.1%● KEVCWE-502

In short

Microsoft SharePoint has a critical flaw that allows attackers to run malicious code on servers by sending specially crafted files. This happens because the software processes untrusted data without proper validation, putting all data on affected systems at risk.

Technical detail

CVE-2026-20963 exploits unsafe deserialization (CWE-502) in SharePoint's data processing, enabling remote code execution via network-based payload delivery. The vulnerability requires no authentication and allows an attacker to execute arbitrary code with SharePoint service privileges, affecting confidentiality, integrity, and availability of hosted content and systems.

Summary generated and translated by AI from the official description.

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected products

Microsoft · Microsoft SharePoint Enterprise Server 2016 Microsoft · Microsoft SharePoint Server 2019 Microsoft · Microsoft SharePoint Server Subscription Edition

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20963