COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-20963

CVE-2026-20963

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-18
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-20963
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildransomwaresupply-chainunpatched

Microsoft SharePoint allows remote code execution via deserialization of untrusted data, confirmed as actively exploited.

This vulnerability enables an attacker to execute arbitrary code on Microsoft SharePoint servers by deserializing untrusted data, posing a severe risk to DIB organizations relying on SharePoint for sensitive data. Because it is actively exploited and linked to ransomware campaigns, organizations must immediately patch and review SharePoint configurations to prevent unauthorized access and data exfiltration.

Shame score — Active exploitation of a critical RCE vulnerability in a widely used product indicates a severe security posture failure.

Players implicated

Microsoft · vendorSharePoint · product

Description

Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90