CVE-2026-20963
Published: 13 January 2026
Description
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
Mitigating Controls (NIST 800-53 r5)
Flaw remediation requires timely patching of the specific deserialization vulnerability in Microsoft Office SharePoint to prevent remote unauthorized code execution.
Information input validation directly counters deserialization of untrusted data (CWE-502) by rejecting malformed or malicious serialized payloads.
Vulnerability monitoring and scanning detects the CVE-2026-20963 flaw in SharePoint systems, enabling remediation before exploitation.
Security Summary
CVE-2026-20963 is a deserialization of untrusted data vulnerability (CWE-502) in Microsoft Office SharePoint. Published on 2026-01-13, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
An unauthorized attacker can exploit this vulnerability remotely over a network with low attack complexity, requiring no privileges or user interaction. Successful exploitation enables arbitrary code execution on the affected SharePoint server.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963 provides details on patches and mitigation steps. Additionally, the vulnerability appears in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20963, indicating active exploitation in the wild.
Details
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
- KEV Date Added: 18 March 2026
Affected Products
- Microsoft Office SharePoint
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The deserialization vulnerability in Microsoft Office SharePoint enables arbitrary remote code execution over the network without requiring privileges (CVSS PR:N), which directly corresponds to exploitation of a public-facing web application.