Exposures › CVE-2026-20963
Microsoft SharePoint allows remote code execution via deserialization of untrusted data, confirmed as actively exploited.
This vulnerability enables an attacker to execute arbitrary code on Microsoft SharePoint servers by deserializing untrusted data, posing a severe risk to DIB organizations relying on SharePoint for sensitive data. Because it is actively exploited and linked to ransomware campaigns, organizations must immediately patch and review SharePoint configurations to prevent unauthorized access and data exfiltration.
Shame score — Active exploitation of a critical RCE vulnerability in a widely used product indicates a severe security posture failure.
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |